Context Navigation

cfparse.c @ b376ae1

55-freebsd-126-freebsd-12

Last change on this file since b376ae1 was b376ae1, checked in by Christian Mauderer <christian.mauderer@…>, on 05/03/18 at 12:15:11

ipsec-tools: Port libipsec, setkey and racoon.

Note that this replaces the libipsec from FreeBSD with the one provided
by ipsec-tools.

Property mode set to 100644

File size: 125.5 KB

Line
1	/* original parser id follows */
2	/* yysccsid[] = "@(#)yaccpar 1.9 (Berkeley) 02/21/93" */
3	/* (use YYMAJOR/YYMINOR for ifdefs dependent on parser version) */
4
5	#define YYBYACC 1
6	#define YYMAJOR 1
7	#define YYMINOR 9
8	#define YYPATCH 20170201
9
10	#define YYEMPTY (-1)
11	#define yyclearin (yychar = YYEMPTY)
12	#define yyerrok (yyerrflag = 0)
13	#define YYRECOVERING() (yyerrflag != 0)
14	#define YYENOMEM (-2)
15	#define YYEOF 0
16
17	#ifndef yyparse
18	#define yyparse racoonyyparse
19	#endif /* yyparse */
20
21	#ifndef yylex
22	#define yylex racoonyylex
23	#endif /* yylex */
24
25	#ifndef yyerror
26	#define yyerror racoonyyerror
27	#endif /* yyerror */
28
29	#ifndef yychar
30	#define yychar racoonyychar
31	#endif /* yychar */
32
33	#ifndef yyval
34	#define yyval racoonyyval
35	#endif /* yyval */
36
37	#ifndef yylval
38	#define yylval racoonyylval
39	#endif /* yylval */
40
41	#ifndef yydebug
42	#define yydebug racoonyydebug
43	#endif /* yydebug */
44
45	#ifndef yynerrs
46	#define yynerrs racoonyynerrs
47	#endif /* yynerrs */
48
49	#ifndef yyerrflag
50	#define yyerrflag racoonyyerrflag
51	#endif /* yyerrflag */
52
53	#ifndef yylhs
54	#define yylhs racoonyylhs
55	#endif /* yylhs */
56
57	#ifndef yylen
58	#define yylen racoonyylen
59	#endif /* yylen */
60
61	#ifndef yydefred
62	#define yydefred racoonyydefred
63	#endif /* yydefred */
64
65	#ifndef yydgoto
66	#define yydgoto racoonyydgoto
67	#endif /* yydgoto */
68
69	#ifndef yysindex
70	#define yysindex racoonyysindex
71	#endif /* yysindex */
72
73	#ifndef yyrindex
74	#define yyrindex racoonyyrindex
75	#endif /* yyrindex */
76
77	#ifndef yygindex
78	#define yygindex racoonyygindex
79	#endif /* yygindex */
80
81	#ifndef yytable
82	#define yytable racoonyytable
83	#endif /* yytable */
84
85	#ifndef yycheck
86	#define yycheck racoonyycheck
87	#endif /* yycheck */
88
89	#ifndef yyname
90	#define yyname racoonyyname
91	#endif /* yyname */
92
93	#ifndef yyrule
94	#define yyrule racoonyyrule
95	#endif /* yyrule */
96	#define YYPREFIX "racoonyy"
97
98	#define YYPURE 0
99
100	#line 6 "../../ipsec-tools/src/racoon/cfparse.y"
101	/*
102	* Copyright (C) 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002 and 2003 WIDE Project.
103	* All rights reserved.
104	*
105	* Redistribution and use in source and binary forms, with or without
106	* modification, are permitted provided that the following conditions
107	* are met:
108	* 1. Redistributions of source code must retain the above copyright
109	* notice, this list of conditions and the following disclaimer.
110	* 2. Redistributions in binary form must reproduce the above copyright
111	* notice, this list of conditions and the following disclaimer in the
112	* documentation and/or other materials provided with the distribution.
113	* 3. Neither the name of the project nor the names of its contributors
114	* may be used to endorse or promote products derived from this software
115	* without specific prior written permission.
116	*
117	* THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
118	* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
119	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
120	* ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
121	* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
122	* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
123	* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
124	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
125	* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
126	* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
127	* SUCH DAMAGE.
128	*/
129
130	#include "config.h"
131
132	#include <sys/types.h>
133	#include <sys/param.h>
134	#include <sys/queue.h>
135	#include <sys/socket.h>
136
137	#include <netinet/in.h>
138	#include PATH_IPSEC_H
139
140	#ifdef ENABLE_HYBRID
141	#include <arpa/inet.h>
142	#endif
143
144	#include <stdlib.h>
145	#include <stdio.h>
146	#include <string.h>
147	#include <errno.h>
148	#include <netdb.h>
149	#include <pwd.h>
150	#include <grp.h>
151
152	#include "var.h"
153	#include "misc.h"
154	#include "vmbuf.h"
155	#include "plog.h"
156	#include "sockmisc.h"
157	#include "str2val.h"
158	#include "genlist.h"
159	#include "debug.h"
160
161	#include "admin.h"
162	#include "privsep.h"
163	#include "cfparse_proto.h"
164	#include "cftoken_proto.h"
165	#include "algorithm.h"
166	#include "localconf.h"
167	#include "policy.h"
168	#include "sainfo.h"
169	#include "oakley.h"
170	#include "pfkey.h"
171	#include "remoteconf.h"
172	#include "grabmyaddr.h"
173	#include "isakmp_var.h"
174	#include "handler.h"
175	#include "isakmp.h"
176	#include "nattraversal.h"
177	#include "isakmp_frag.h"
178	#ifdef ENABLE_HYBRID
179	#include "resolv.h"
180	#include "isakmp_unity.h"
181	#include "isakmp_xauth.h"
182	#include "isakmp_cfg.h"
183	#endif
184	#include "ipsec_doi.h"
185	#include "strnames.h"
186	#include "gcmalloc.h"
187	#ifdef HAVE_GSSAPI
188	#include "gssapi.h"
189	#endif
190	#include "vendorid.h"
191	#include "rsalist.h"
192	#include "crypto_openssl.h"
193
194	struct secprotospec {
195	int prop_no;
196	int trns_no;
197	int strength; /* for isakmp/ipsec */
198	int encklen; /* for isakmp/ipsec */
199	time_t lifetime; /* for isakmp */
200	int lifebyte; /* for isakmp */
201	int proto_id; /* for ipsec (isakmp?) */
202	int ipsec_level; /* for ipsec */
203	int encmode; /* for ipsec */
204	int vendorid; /* for isakmp */
205	char *gssid;
206	struct sockaddr *remote;
207	int algclass[MAXALGCLASS];
208
209	struct secprotospec next; / the tail is the most prefiered. */
210	struct secprotospec *prev;
211	};
212
213	static int num2dhgroup[] = {
214	0,
215	OAKLEY_ATTR_GRP_DESC_MODP768,
216	OAKLEY_ATTR_GRP_DESC_MODP1024,
217	OAKLEY_ATTR_GRP_DESC_EC2N155,
218	OAKLEY_ATTR_GRP_DESC_EC2N185,
219	OAKLEY_ATTR_GRP_DESC_MODP1536,
220	0,
221	0,
222	0,
223	0,
224	0,
225	0,
226	0,
227	0,
228	OAKLEY_ATTR_GRP_DESC_MODP2048,
229	OAKLEY_ATTR_GRP_DESC_MODP3072,
230	OAKLEY_ATTR_GRP_DESC_MODP4096,
231	OAKLEY_ATTR_GRP_DESC_MODP6144,
232	OAKLEY_ATTR_GRP_DESC_MODP8192
233	};
234
235	static struct remoteconf *cur_rmconf;
236	static int tmpalgtype[MAXALGCLASS];
237	static struct sainfo *cur_sainfo;
238	static int cur_algclass;
239	static int oldloglevel = LLV_BASE;
240
241	static struct secprotospec *newspspec __P((void));
242	static void insspspec __P((struct remoteconf , struct secprotospec ));
243	void dupspspec_list __P((struct remoteconf dst, struct remoteconf src));
244	void flushspspec __P((struct remoteconf *));
245	static void adminsock_conf __P((vchar_t , vchar_t , vchar_t *, int));
246
247	static int set_isakmp_proposal __P((struct remoteconf *));
248	static void clean_tmpalgtype __P((void));
249	static int expand_isakmpspec __P((int, int, int *,
250	int, int, time_t, int, int, int, char , struct remoteconf ));
251
252	void freeetypes (struct etypes **etypes);
253
254	static int load_x509(const char file, char *filenameptr,
255	vchar_t **certptr)
256	{
257	char path[PATH_MAX];
258
259	getpathname(path, sizeof(path), LC_PATHTYPE_CERT, file);
260	*certptr = eay_get_x509cert(path);
261	if (*certptr == NULL)
262	return -1;
263
264	*filenameptr = racoon_strdup(file);
265	STRDUP_FATAL(*filenameptr);
266
267	return 0;
268	}
269
270	static int process_rmconf()
271	{
272
273	/* check a exchange mode */
274	if (cur_rmconf->etypes == NULL) {
275	yyerror("no exchange mode specified.\n");
276	return -1;
277	}
278
279	if (cur_rmconf->idvtype == IDTYPE_UNDEFINED)
280	cur_rmconf->idvtype = IDTYPE_ADDRESS;
281
282	if (cur_rmconf->idvtype == IDTYPE_ASN1DN) {
283	if (cur_rmconf->mycertfile) {
284	if (cur_rmconf->idv)
285	yywarn("Both CERT and ASN1 ID "
286	"are set. Hope this is OK.\n");
287	/* TODO: Preparse the DN here */
288	} else if (cur_rmconf->idv) {
289	/* OK, using asn1dn without X.509. */
290	} else {
291	yyerror("ASN1 ID not specified "
292	"and no CERT defined!\n");
293	return -1;
294	}
295	}
296
297	if (duprmconf_finish(cur_rmconf))
298	return -1;
299
300	if (set_isakmp_proposal(cur_rmconf) != 0)
301	return -1;
302
303	/* DH group settting if aggressive mode is there. */
304	if (check_etypeok(cur_rmconf, (void*) ISAKMP_ETYPE_AGG)) {
305	struct isakmpsa *p;
306	int b = 0;
307
308	/* DH group */
309	for (p = cur_rmconf->proposal; p; p = p->next) {
310	if (b == 0 \|\| (b && b == p->dh_group)) {
311	b = p->dh_group;
312	continue;
313	}
314	yyerror("DH group must be equal "
315	"in all proposals "
316	"when aggressive mode is "
317	"used.\n");
318	return -1;
319	}
320	cur_rmconf->dh_group = b;
321
322	if (cur_rmconf->dh_group == 0) {
323	yyerror("DH group must be set in the proposal.\n");
324	return -1;
325	}
326
327	/* DH group settting if PFS is required. */
328	if (oakley_setdhgroup(cur_rmconf->dh_group,
329	&cur_rmconf->dhgrp) < 0) {
330	yyerror("failed to set DH value.\n");
331	return -1;
332	}
333	}
334
335	insrmconf(cur_rmconf);
336
337	return 0;
338	}
339
340	#ifdef YYSTYPE
341	#undef YYSTYPE_IS_DECLARED
342	#define YYSTYPE_IS_DECLARED 1
343	#endif
344	#ifndef YYSTYPE_IS_DECLARED
345	#define YYSTYPE_IS_DECLARED 1
346	#line 247 "../../ipsec-tools/src/racoon/cfparse.y"
347	typedef union {
348	unsigned long num;
349	vchar_t *val;
350	struct remoteconf *rmconf;
351	struct sockaddr *saddr;
352	struct sainfoalg *alg;
353	} YYSTYPE;
354	#endif /* !YYSTYPE_IS_DECLARED */
355	#line 356 "racoonyy.tab.c"
356
357	/* compatibility with bison */
358	#ifdef YYPARSE_PARAM
359	/* compatibility with FreeBSD */
360	# ifdef YYPARSE_PARAM_TYPE
361	# define YYPARSE_DECL() yyparse(YYPARSE_PARAM_TYPE YYPARSE_PARAM)
362	# else
363	# define YYPARSE_DECL() yyparse(void *YYPARSE_PARAM)
364	# endif
365	#else
366	# define YYPARSE_DECL() yyparse(void)
367	#endif
368
369	/* Parameters sent to lex. */
370	#ifdef YYLEX_PARAM
371	# define YYLEX_DECL() yylex(void *YYLEX_PARAM)
372	# define YYLEX yylex(YYLEX_PARAM)
373	#else
374	# define YYLEX_DECL() yylex(void)
375	# define YYLEX yylex()
376	#endif
377
378	/* Parameters sent to yyerror. */
379	#ifndef YYERROR_DECL
380	#define YYERROR_DECL() yyerror(const char *s)
381	#endif
382	#ifndef YYERROR_CALL
383	#define YYERROR_CALL(msg) yyerror(msg)
384	#endif
385
386	extern int YYPARSE_DECL();
387
388	#define PRIVSEP 257
389	#define USER 258
390	#define GROUP 259
391	#define CHROOT 260
392	#define PATH 261
393	#define PATHTYPE 262
394	#define INCLUDE 263
395	#define PFKEY_BUFFER 264
396	#define LOGGING 265
397	#define LOGLEV 266
398	#define PADDING 267
399	#define PAD_RANDOMIZE 268
400	#define PAD_RANDOMIZELEN 269
401	#define PAD_MAXLEN 270
402	#define PAD_STRICT 271
403	#define PAD_EXCLTAIL 272
404	#define LISTEN 273
405	#define X_ISAKMP 274
406	#define X_ISAKMP_NATT 275
407	#define X_ADMIN 276
408	#define STRICT_ADDRESS 277
409	#define ADMINSOCK 278
410	#define DISABLED 279
411	#define LDAPCFG 280
412	#define LDAP_HOST 281
413	#define LDAP_PORT 282
414	#define LDAP_PVER 283
415	#define LDAP_BASE 284
416	#define LDAP_BIND_DN 285
417	#define LDAP_BIND_PW 286
418	#define LDAP_SUBTREE 287
419	#define LDAP_ATTR_USER 288
420	#define LDAP_ATTR_ADDR 289
421	#define LDAP_ATTR_MASK 290
422	#define LDAP_ATTR_GROUP 291
423	#define LDAP_ATTR_MEMBER 292
424	#define RADCFG 293
425	#define RAD_AUTH 294
426	#define RAD_ACCT 295
427	#define RAD_TIMEOUT 296
428	#define RAD_RETRIES 297
429	#define MODECFG 298
430	#define CFG_NET4 299
431	#define CFG_MASK4 300
432	#define CFG_DNS4 301
433	#define CFG_NBNS4 302
434	#define CFG_DEFAULT_DOMAIN 303
435	#define CFG_AUTH_SOURCE 304
436	#define CFG_AUTH_GROUPS 305
437	#define CFG_SYSTEM 306
438	#define CFG_RADIUS 307
439	#define CFG_PAM 308
440	#define CFG_LDAP 309
441	#define CFG_LOCAL 310
442	#define CFG_NONE 311
443	#define CFG_GROUP_SOURCE 312
444	#define CFG_ACCOUNTING 313
445	#define CFG_CONF_SOURCE 314
446	#define CFG_MOTD 315
447	#define CFG_POOL_SIZE 316
448	#define CFG_AUTH_THROTTLE 317
449	#define CFG_SPLIT_NETWORK 318
450	#define CFG_SPLIT_LOCAL 319
451	#define CFG_SPLIT_INCLUDE 320
452	#define CFG_SPLIT_DNS 321
453	#define CFG_PFS_GROUP 322
454	#define CFG_SAVE_PASSWD 323
455	#define RETRY 324
456	#define RETRY_COUNTER 325
457	#define RETRY_INTERVAL 326
458	#define RETRY_PERSEND 327
459	#define RETRY_PHASE1 328
460	#define RETRY_PHASE2 329
461	#define NATT_KA 330
462	#define ALGORITHM_CLASS 331
463	#define ALGORITHMTYPE 332
464	#define STRENGTHTYPE 333
465	#define SAINFO 334
466	#define FROM 335
467	#define REMOTE 336
468	#define ANONYMOUS 337
469	#define CLIENTADDR 338
470	#define INHERIT 339
471	#define REMOTE_ADDRESS 340
472	#define EXCHANGE_MODE 341
473	#define EXCHANGETYPE 342
474	#define DOI 343
475	#define DOITYPE 344
476	#define SITUATION 345
477	#define SITUATIONTYPE 346
478	#define CERTIFICATE_TYPE 347
479	#define CERTTYPE 348
480	#define PEERS_CERTFILE 349
481	#define CA_TYPE 350
482	#define VERIFY_CERT 351
483	#define SEND_CERT 352
484	#define SEND_CR 353
485	#define MATCH_EMPTY_CR 354
486	#define IDENTIFIERTYPE 355
487	#define IDENTIFIERQUAL 356
488	#define MY_IDENTIFIER 357
489	#define PEERS_IDENTIFIER 358
490	#define VERIFY_IDENTIFIER 359
491	#define DNSSEC 360
492	#define CERT_X509 361
493	#define CERT_PLAINRSA 362
494	#define NONCE_SIZE 363
495	#define DH_GROUP 364
496	#define KEEPALIVE 365
497	#define PASSIVE 366
498	#define INITIAL_CONTACT 367
499	#define NAT_TRAVERSAL 368
500	#define REMOTE_FORCE_LEVEL 369
501	#define PROPOSAL_CHECK 370
502	#define PROPOSAL_CHECK_LEVEL 371
503	#define GENERATE_POLICY 372
504	#define GENERATE_LEVEL 373
505	#define SUPPORT_PROXY 374
506	#define PROPOSAL 375
507	#define EXEC_PATH 376
508	#define EXEC_COMMAND 377
509	#define EXEC_SUCCESS 378
510	#define EXEC_FAILURE 379
511	#define GSS_ID 380
512	#define GSS_ID_ENC 381
513	#define GSS_ID_ENCTYPE 382
514	#define COMPLEX_BUNDLE 383
515	#define DPD 384
516	#define DPD_DELAY 385
517	#define DPD_RETRY 386
518	#define DPD_MAXFAIL 387
519	#define PH1ID 388
520	#define XAUTH_LOGIN 389
521	#define WEAK_PHASE1_CHECK 390
522	#define REKEY 391
523	#define PREFIX 392
524	#define PORT 393
525	#define PORTANY 394
526	#define UL_PROTO 395
527	#define ANY 396
528	#define IKE_FRAG 397
529	#define ESP_FRAG 398
530	#define MODE_CFG 399
531	#define PFS_GROUP 400
532	#define LIFETIME 401
533	#define LIFETYPE_TIME 402
534	#define LIFETYPE_BYTE 403
535	#define STRENGTH 404
536	#define REMOTEID 405
537	#define SCRIPT 406
538	#define PHASE1_UP 407
539	#define PHASE1_DOWN 408
540	#define PHASE1_DEAD 409
541	#define NUMBER 410
542	#define SWITCH 411
543	#define BOOLEAN 412
544	#define HEXSTRING 413
545	#define QUOTEDSTRING 414
546	#define ADDRSTRING 415
547	#define ADDRRANGE 416
548	#define UNITTYPE_BYTE 417
549	#define UNITTYPE_KBYTES 418
550	#define UNITTYPE_MBYTES 419
551	#define UNITTYPE_TBYTES 420
552	#define UNITTYPE_SEC 421
553	#define UNITTYPE_MIN 422
554	#define UNITTYPE_HOUR 423
555	#define EOS 424
556	#define BOC 425
557	#define EOC 426
558	#define COMMA 427
559	#define YYERRCODE 256
560	typedef int YYINT;
561	static const YYINT racoonyylhs[] = { -1,
562	0, 0, 14, 14, 14, 14, 14, 14, 14, 14,
563	14, 14, 14, 14, 14, 14, 14, 15, 30, 30,
564	32, 31, 33, 31, 34, 31, 35, 31, 36, 31,
565	37, 16, 38, 29, 17, 18, 19, 20, 39, 21,
566	40, 40, 42, 41, 43, 41, 44, 41, 45, 41,
567	46, 41, 22, 47, 47, 49, 48, 50, 48, 51,
568	48, 52, 48, 53, 48, 54, 48, 12, 5, 5,
569	55, 24, 56, 56, 58, 57, 59, 57, 60, 57,
570	61, 57, 62, 57, 63, 57, 64, 23, 65, 65,
571	67, 66, 68, 66, 69, 66, 70, 66, 71, 66,
572	72, 66, 73, 66, 74, 66, 75, 66, 76, 66,
573	77, 66, 78, 66, 25, 79, 79, 81, 80, 82,
574	80, 80, 80, 86, 80, 87, 80, 89, 80, 90,
575	80, 91, 80, 92, 80, 93, 80, 94, 80, 96,
576	80, 97, 80, 98, 80, 99, 80, 100, 80, 101,
577	80, 102, 80, 103, 80, 104, 80, 105, 80, 106,
578	80, 107, 80, 108, 80, 109, 80, 110, 80, 83,
579	83, 111, 84, 84, 112, 85, 85, 113, 95, 95,
580	114, 88, 88, 115, 26, 116, 116, 118, 117, 119,
581	117, 120, 117, 121, 117, 122, 117, 123, 117, 125,
582	128, 27, 124, 124, 124, 124, 124, 124, 9, 9,
583	9, 126, 126, 126, 127, 127, 130, 129, 131, 129,
584	132, 129, 133, 129, 135, 129, 134, 136, 134, 13,
585	3, 3, 4, 4, 4, 6, 6, 6, 1, 1,
586	138, 28, 140, 28, 141, 28, 142, 28, 137, 137,
587	139, 11, 11, 143, 143, 145, 144, 147, 144, 148,
588	144, 149, 144, 144, 151, 144, 152, 144, 153, 144,
589	154, 144, 155, 144, 156, 144, 157, 144, 158, 144,
590	159, 144, 160, 144, 161, 144, 162, 144, 163, 144,
591	164, 144, 165, 144, 166, 144, 167, 144, 168, 144,
592	169, 144, 170, 144, 171, 144, 172, 144, 173, 144,
593	174, 144, 175, 144, 176, 144, 177, 144, 178, 144,
594	179, 144, 180, 144, 181, 144, 182, 144, 183, 144,
595	184, 144, 185, 144, 186, 144, 187, 144, 188, 144,
596	189, 144, 190, 144, 191, 144, 192, 144, 193, 144,
597	146, 146, 195, 150, 196, 150, 2, 2, 10, 10,
598	10, 194, 194, 198, 197, 199, 197, 200, 197, 201,
599	197, 202, 197, 7, 7, 7, 8, 8, 8, 8,
600	};
601	static const YYINT racoonyylen[] = { 2,
602	0, 2, 1, 1, 1, 1, 1, 1, 1, 1,
603	1, 1, 1, 1, 1, 1, 1, 4, 0, 2,
604	0, 4, 0, 4, 0, 4, 0, 4, 0, 4,
605	0, 5, 0, 4, 3, 3, 3, 3, 1, 4,
606	0, 2, 0, 4, 0, 4, 0, 4, 0, 4,
607	0, 4, 4, 0, 2, 0, 4, 0, 4, 0,
608	7, 0, 4, 0, 4, 0, 3, 2, 0, 1,
609	0, 5, 0, 2, 0, 5, 0, 6, 0, 5,
610	0, 6, 0, 4, 0, 4, 0, 5, 0, 2,
611	0, 4, 0, 4, 0, 4, 0, 4, 0, 4,
612	0, 4, 0, 4, 0, 4, 0, 4, 0, 4,
613	0, 4, 0, 4, 4, 0, 2, 0, 4, 0,
614	4, 3, 3, 0, 5, 0, 5, 0, 4, 0,
615	4, 0, 4, 0, 4, 0, 4, 0, 4, 0,
616	4, 0, 4, 0, 4, 0, 4, 0, 4, 0,
617	4, 0, 4, 0, 4, 0, 4, 0, 4, 0,
618	4, 0, 4, 0, 4, 0, 4, 0, 4, 1,
619	3, 1, 1, 3, 1, 1, 3, 2, 1, 3,
620	1, 1, 3, 1, 4, 0, 2, 0, 4, 0,
621	5, 0, 4, 0, 5, 0, 5, 0, 5, 0,
622	0, 8, 1, 2, 2, 2, 2, 2, 5, 6,
623	2, 0, 3, 2, 0, 2, 0, 4, 0, 4,
624	0, 6, 0, 6, 0, 4, 1, 0, 4, 2,
625	0, 1, 0, 1, 1, 1, 1, 1, 0, 1,
626	0, 6, 0, 4, 0, 6, 0, 4, 1, 1,
627	3, 2, 1, 0, 2, 0, 4, 0, 4, 0,
628	4, 0, 4, 2, 0, 4, 0, 5, 0, 5,
629	0, 4, 0, 5, 0, 4, 0, 4, 0, 4,
630	0, 4, 0, 5, 0, 6, 0, 4, 0, 5,
631	0, 6, 0, 4, 0, 4, 0, 4, 0, 4,
632	0, 4, 0, 4, 0, 4, 0, 5, 0, 5,
633	0, 5, 0, 4, 0, 4, 0, 4, 0, 4,
634	0, 4, 0, 4, 0, 4, 0, 4, 0, 4,
635	0, 4, 0, 4, 0, 4, 0, 4, 0, 4,
636	0, 4, 0, 6, 0, 4, 0, 6, 0, 5,
637	0, 2, 0, 5, 0, 4, 1, 1, 0, 1,
638	1, 0, 2, 0, 6, 0, 6, 0, 4, 0,
639	4, 0, 5, 1, 1, 1, 1, 1, 1, 1,
640	};
641	static const YYINT racoonyydefred[] = { 1,
642	0, 0, 0, 0, 0, 0, 0, 0, 87, 71,
643	0, 0, 200, 0, 0, 0, 2, 3, 4, 5,
644	6, 7, 8, 9, 10, 11, 12, 13, 14, 15,
645	16, 17, 19, 0, 0, 0, 39, 0, 41, 54,
646	0, 0, 116, 186, 0, 0, 0, 0, 0, 253,
647	0, 33, 0, 31, 35, 36, 38, 0, 0, 89,
648	73, 0, 0, 0, 0, 0, 0, 70, 252, 0,
649	0, 68, 0, 0, 37, 0, 0, 0, 0, 18,
650	20, 0, 0, 0, 0, 0, 0, 40, 42, 0,
651	0, 66, 0, 53, 55, 0, 0, 0, 0, 0,
652	0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
653	0, 0, 0, 0, 115, 117, 0, 0, 0, 0,
654	0, 0, 185, 187, 204, 205, 211, 0, 206, 207,
655	208, 0, 0, 0, 241, 254, 244, 245, 248, 34,
656	23, 21, 27, 25, 29, 32, 43, 45, 47, 49,
657	51, 56, 58, 0, 64, 0, 0, 0, 0, 0,
658	0, 0, 0, 0, 0, 0, 0, 0, 88, 90,
659	0, 0, 0, 0, 72, 74, 118, 120, 172, 0,
660	0, 175, 0, 0, 130, 132, 134, 136, 138, 181,
661	140, 0, 142, 144, 148, 150, 152, 146, 164, 166,
662	162, 168, 154, 160, 0, 0, 184, 128, 0, 156,
663	158, 188, 0, 192, 0, 0, 0, 232, 0, 0,
664	214, 0, 215, 0, 0, 0, 0, 0, 0, 0,
665	0, 0, 0, 0, 0, 0, 0, 0, 67, 0,
666	0, 0, 93, 95, 91, 97, 101, 103, 99, 105,
667	107, 109, 111, 113, 0, 0, 83, 85, 0, 0,
668	122, 0, 123, 0, 0, 0, 0, 0, 0, 0,
669	0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
670	0, 0, 0, 0, 0, 176, 0, 0, 0, 0,
671	0, 0, 374, 375, 376, 190, 0, 194, 196, 198,
672	0, 234, 235, 0, 361, 360, 213, 0, 250, 242,
673	249, 0, 258, 0, 0, 0, 0, 0, 0, 0,
674	0, 0, 0, 0, 0, 0, 297, 0, 0, 0,
675	0, 0, 0, 349, 0, 0, 0, 0, 0, 0,
676	0, 0, 0, 0, 0, 0, 0, 251, 255, 246,
677	24, 22, 28, 26, 30, 44, 46, 48, 50, 52,
678	57, 59, 65, 0, 63, 0, 0, 0, 0, 0,
679	0, 0, 0, 0, 0, 0, 0, 0, 75, 0,
680	79, 0, 0, 119, 121, 171, 174, 131, 133, 135,
681	137, 139, 141, 180, 143, 145, 149, 151, 153, 147,
682	165, 167, 163, 169, 155, 161, 178, 0, 0, 0,
683	129, 183, 157, 159, 189, 0, 193, 0, 0, 0,
684	0, 237, 238, 236, 209, 225, 0, 0, 0, 0,
685	216, 256, 351, 260, 262, 0, 0, 264, 271, 0,
686	0, 265, 0, 275, 277, 279, 281, 0, 0, 293,
687	295, 0, 299, 323, 327, 325, 345, 319, 317, 321,
688	0, 329, 331, 333, 335, 341, 287, 315, 339, 337,
689	303, 301, 305, 313, 0, 0, 0, 60, 94, 96,
690	92, 98, 102, 104, 100, 106, 108, 110, 112, 114,
691	77, 0, 81, 0, 84, 86, 177, 125, 127, 191,
692	195, 197, 199, 210, 0, 357, 358, 217, 0, 0,
693	219, 202, 0, 0, 0, 0, 0, 355, 0, 267,
694	269, 0, 273, 0, 0, 0, 0, 0, 283, 0,
695	289, 0, 0, 0, 0, 0, 0, 0, 0, 0,
696	0, 0, 362, 0, 0, 0, 0, 0, 0, 0,
697	0, 0, 0, 0, 0, 0, 0, 0, 307, 309,
698	311, 0, 0, 76, 0, 80, 0, 0, 0, 0,
699	0, 0, 0, 257, 352, 259, 261, 263, 353, 0,
700	272, 0, 0, 266, 0, 276, 278, 280, 282, 285,
701	0, 291, 0, 294, 296, 298, 300, 324, 328, 326,
702	346, 320, 318, 322, 0, 330, 332, 334, 336, 342,
703	288, 316, 340, 338, 304, 302, 306, 314, 343, 377,
704	378, 379, 380, 347, 0, 0, 0, 61, 78, 82,
705	240, 230, 0, 226, 218, 221, 223, 220, 0, 356,
706	268, 270, 274, 0, 284, 0, 290, 0, 0, 0,
707	0, 350, 363, 0, 0, 308, 310, 312, 0, 0,
708	0, 354, 286, 292, 0, 368, 370, 0, 0, 344,
709	348, 229, 222, 224, 372, 0, 0, 0, 0, 0,
710	369, 371, 364, 366, 373, 0, 0, 365, 367,
711	};
712	static const YYINT racoonyydgoto[] = { 1,
713	632, 508, 220, 304, 69, 425, 296, 624, 66, 307,
714	49, 50, 568, 17, 18, 19, 20, 21, 22, 23,
715	24, 25, 26, 27, 28, 29, 30, 31, 32, 53,
716	81, 228, 227, 230, 229, 231, 82, 76, 38, 58,
717	89, 232, 233, 234, 235, 236, 59, 95, 237, 238,
718	562, 242, 240, 154, 42, 97, 176, 492, 563, 494,
719	565, 382, 383, 41, 96, 170, 368, 366, 367, 369,
720	372, 370, 371, 373, 374, 375, 376, 377, 62, 116,
721	259, 260, 180, 183, 285, 409, 410, 208, 288, 265,
722	266, 267, 268, 269, 191, 270, 272, 273, 277, 274,
723	275, 276, 282, 290, 291, 283, 280, 278, 279, 281,
724	181, 184, 286, 192, 209, 63, 124, 292, 416, 297,
725	418, 419, 420, 67, 45, 134, 308, 430, 431, 570,
726	573, 660, 661, 569, 505, 633, 310, 224, 311, 71,
727	226, 74, 225, 349, 513, 514, 433, 515, 516, 438,
728	522, 582, 583, 519, 585, 524, 525, 526, 527, 591,
729	644, 549, 593, 646, 532, 533, 452, 535, 554, 553,
730	555, 625, 626, 627, 556, 550, 541, 540, 542, 536,
731	538, 537, 544, 545, 546, 547, 552, 551, 548, 654,
732	539, 655, 461, 605, 639, 580, 653, 686, 687, 676,
733	677, 680,
734	};
735	static const YYINT racoonyysindex[] = { 0,
736	-193, -348, -174, -292, -306, -130, -266, -246, 0, 0,
737	-244, -234, 0, -268, -217, -216, 0, 0, 0, 0,
738	0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
739	0, 0, 0, -264, -220, -191, 0, -168, 0, 0,
740	-219, -196, 0, 0, -252, -185, -146, -185, -108, 0,
741	-164, 0, -251, 0, 0, 0, 0, -257, -258, 0,
742	0, -256, -275, -231, -321, -242, -218, 0, 0, -171,
743	-163, 0, -255, -163, 0, -159, -284, -282, -143, 0,
744	0, -152, -138, -137, -134, -132, -131, 0, 0, -128,
745	-128, 0, -261, 0, 0, -260, -259, -127, -126, -125,
746	-124, -129, -122, -121, -200, -209, -136, -120, -118, -115,
747	-165, -117, -114, -113, 0, 0, -111, -110, -109, -106,
748	-105, -104, 0, 0, 0, 0, 0, -308, 0, 0,
749	0, -112, -80, -148, 0, 0, 0, 0, 0, 0,
750	0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
751	0, 0, 0, -142, 0, -103, -102, -101, -100, -99,
752	-98, -97, -93, -95, -94, -92, -91, -90, 0, 0,
753	-89, -88, -96, -83, 0, 0, 0, 0, 0, -141,
754	-149, 0, -116, -86, 0, 0, 0, 0, 0, 0,
755	0, -84, 0, 0, 0, 0, 0, 0, 0, 0,
756	0, 0, 0, 0, -85, -85, 0, 0, -82, 0,
757	0, 0, -201, 0, -201, -201, -201, 0, -79, -195,
758	0, -199, 0, -172, -140, -172, -78, -77, -76, -75,
759	-74, -73, -72, -71, -70, -69, -67, -66, 0, -65,
760	-81, -64, 0, 0, 0, 0, 0, 0, 0, 0,
761	0, 0, 0, 0, -265, -262, 0, 0, -63, -62,
762	0, -125, 0, -124, -61, -60, -59, -58, -57, -56,
763	-121, -55, -54, -53, -52, -51, -50, -49, -48, -47,
764	-46, -45, -44, -11, -43, 0, -43, -42, -117, -41,
765	-39, -38, 0, 0, 0, 0, -37, 0, 0, 0,
766	-195, 0, 0, -238, 0, 0, 0, -289, 0, 0,
767	0, -128, 0, -23, -18, -107, -270, -32, -22, -21,
768	-20, -19, -24, -17, -16, -14, 0, -13, -12, -293,
769	-68, -310, -10, 0, -9, -7, -6, -5, -4, -199,
770	-3, -288, -286, -1, 1, -139, -26, 0, 0, 0,
771	0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
772	0, 0, 0, 3, 0, -31, -30, -27, -8, -2,
773	2, 4, 5, 6, 7, 8, 9, 10, 0, 11,
774	0, 12, 13, 0, 0, 0, 0, 0, 0, 0,
775	0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
776	0, 0, 0, 0, 0, 0, 0, -85, 14, 15,
777	0, 0, 0, 0, 0, 16, 0, 17, 18, 19,
778	-238, 0, 0, 0, 0, 0, -254, -135, 24, -145,
779	0, 0, 0, 0, 0, 21, 30, 0, 0, 31,
780	32, 0, 33, 0, 0, 0, 0, -281, -277, 0,
781	0, -254, 0, 0, 0, 0, 0, 0, 0, 0,
782	-25, 0, 0, 0, 0, 0, 0, 0, 0, 0,
783	0, 0, 0, 0, 38, 39, -167, 0, 0, 0,
784	0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
785	0, 26, 0, 27, 0, 0, 0, 0, 0, 0,
786	0, 0, 0, 0, 75, 0, 0, 0, 42, 43,
787	0, 0, 34, -303, 35, 36, 40, 0, 37, 0,
788	0, 41, 0, 44, 45, 46, 47, -199, 0, -199,
789	0, 48, 49, 50, 51, 52, 53, 54, 55, 56,
790	57, 58, 0, 59, 60, 61, 62, 64, 65, 66,
791	67, 68, 69, 70, 71, 72, -201, -181, 0, 0,
792	0, 73, 74, 0, 76, 0, 77, 0, 78, 79,
793	-201, -181, 80, 0, 0, 0, 0, 0, 0, 81,
794	0, 82, 83, 0, 84, 0, 0, 0, 0, 0,
795	85, 0, 86, 0, 0, 0, 0, 0, 0, 0,
796	0, 0, 0, 0, -291, 0, 0, 0, 0, 0,
797	0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
798	0, 0, 0, 0, 87, 88, 89, 0, 0, 0,
799	0, 0, 28, 0, 0, 0, 0, 0, 90, 0,
800	0, 0, 0, 91, 0, 92, 0, 95, -254, 103,
801	-133, 0, 0, 94, 96, 0, 0, 0, 75, 97,
802	98, 0, 0, 0, 77, 0, 0, 109, 113, 0,
803	0, 0, 0, 0, 0, 100, 101, -201, -181, 102,
804	0, 0, 0, 0, 0, 104, 105, 0, 0,
805	};
806	static const YYINT racoonyyrindex[] = { 0,
807	0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
808	0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
809	0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
810	0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
811	0, 0, 0, 0, 0, -305, -15, -305, 106, 0,
812	0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
813	0, 0, 0, -249, 0, 0, 107, 0, 0, 0,
814	0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
815	0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
816	0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
817	0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
818	0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
819	0, 0, 0, 0, 0, 0, 0, -232, 0, 0,
820	0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
821	0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
822	0, 0, 0, 0, 0, 110, 0, 0, 0, 0,
823	0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
824	0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
825	111, 0, 0, 112, 0, 0, 0, 0, 0, 0,
826	0, 114, 0, 0, 0, 0, 0, 0, 0, 0,
827	0, 0, 0, 0, 0, 0, 0, 0, 115, 0,
828	0, 0, 0, 0, 0, 0, 0, 0, -232, -213,
829	0, 108, 0, 0, 0, 0, 0, 0, 0, 0,
830	0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
831	0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
832	0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
833	0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
834	0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
835	0, 0, 0, 0, 116, 0, 117, 0, 0, 0,
836	0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
837	-213, 0, 0, 0, 0, 0, 0, -119, 0, 0,
838	0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
839	0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
840	0, 0, 0, 0, 0, 0, 0, 0, 0, -70,
841	0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
842	0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
843	0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
844	0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
845	0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
846	0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
847	0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
848	0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
849	0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
850	0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
851	0, 0, 0, 0, 0, 0, 0, -70, -70, 0,
852	0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
853	0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
854	0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
855	0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
856	0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
857	0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
858	0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
859	0, 0, 0, 0, 0, 0, 0, -70, 0, -70,
860	0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
861	0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
862	0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
863	0, 0, 0, 0, 0, 0, -285, -247, 0, 0,
864	0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
865	0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
866	0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
867	0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
868	0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
869	0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
870	0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
871	0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
872	0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
873	0, 0, 0, 0, -142, 0, 0, 0, 0, 0,
874	0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
875	0, 0, 0, 0, 0, 0, 0, 0, 0,
876	};
877	static const YYINT racoonyygindex[] = { 0,
878	-381, -447, 120, 119, 284, 121, -215, -539, 63, -334,
879	261, -87, 0, 0, 0, 0, 0, 0, 0, 0,
880	0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
881	0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
882	0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
883	0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
884	0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
885	0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
886	0, 0, 149, 150, 129, 0, 0, 126, 0, 0,
887	0, 0, 0, 0, 146, 0, 0, 0, 0, 0,
888	0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
889	0, 0, 93, 0, 0, 0, 0, 0, 0, 0,
890	0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
891	0, 0, 0, -323, 0, 0, 192, 0, 118, 0,
892	0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
893	0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
894	0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
895	0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
896	0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
897	0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
898	0, 0,
899	};
900	#define YYTABLESIZE 542
901	static const YYINT racoonyytable[] = { 298,
902	299, 300, 152, 153, 534, 467, 77, 78, 79, 203,
903	83, 84, 85, 86, 87, 90, 91, 155, 92, 93,
904	157, 158, 159, 160, 161, 162, 163, 164, 165, 166,
905	167, 168, 637, 69, 171, 172, 173, 174, 575, 648,
906	132, 426, 98, 99, 100, 101, 102, 103, 104, 117,
907	118, 119, 120, 121, 122, 105, 106, 107, 108, 109,
908	110, 111, 458, 2, 112, 113, 114, 3, 46, 4,
909	5, 6, 649, 7, 528, 455, 33, 506, 530, 8,
910	469, 46, 471, 218, 64, 203, 9, 34, 650, 439,
911	440, 441, 127, 128, 129, 130, 195, 196, 197, 10,
912	459, 198, 65, 36, 11, 193, 125, 219, 194, 651,
913	427, 428, 65, 529, 531, 429, 133, 456, 69, 69,
914	576, 35, 470, 65, 472, 141, 126, 143, 131, 142,
915	12, 144, 305, 306, 652, 37, 305, 306, 239, 684,
916	13, 239, 14, 442, 378, 47, 48, 380, 379, 54,
917	123, 381, 156, 205, 206, 507, 422, 423, 39, 48,
918	231, 231, 231, 231, 51, 169, 175, 94, 88, 115,
919	199, 424, 200, 201, 80, 203, 227, 231, 40, 228,
920	43, 233, 233, 186, 187, 188, 189, 15, 137, 16,
921	44, 139, 70, 590, 52, 592, 233, 302, 303, 312,
922	313, 666, 314, 55, 315, 60, 316, 68, 317, 318,
923	319, 320, 321, 322, 305, 306, 323, 324, 325, 293,
924	294, 295, 326, 327, 432, 328, 329, 330, 61, 331,
925	73, 332, 56, 333, 334, 620, 621, 622, 623, 559,
926	560, 561, 135, 335, 336, 337, 338, 339, 340, 341,
927	342, 309, 136, 436, 437, 57, 343, 344, 345, 75,
928	346, 136, 475, 476, 140, 347, 509, 510, 668, 669,
929	145, 146, 147, 148, 222, 149, 223, 262, 150, 151,
930	512, 239, 261, 675, 185, 348, 48, 177, 178, 179,
931	182, 203, 190, 202, 204, 210, 207, 211, 212, 213,
932	214, 221, 457, 215, 216, 217, 201, 263, 244, 245,
933	241, 243, 218, 257, 246, 247, 248, 249, 250, 251,
934	434, 252, 253, 254, 255, 256, 258, 435, 443, 284,
935	448, 72, 364, 138, 287, 672, 0, 449, 301, 0,
936	264, 619, 271, 0, 289, 351, 352, 353, 354, 355,
937	356, 357, 358, 359, 360, 636, 361, 362, 363, 365,
938	384, 385, 388, 389, 390, 391, 392, 393, 395, 396,
939	397, 398, 399, 400, 401, 402, 403, 404, 405, 406,
940	407, 411, 413, 408, 414, 415, 417, 477, 444, 445,
941	446, 447, 479, 480, 450, 451, 481, 453, 454, 543,
942	460, 462, 463, 464, 465, 466, 567, 468, 473, 243,
943	386, 474, 478, 387, 412, 482, 394, 350, 0, 421,
944	0, 483, 0, 491, 493, 484, 665, 485, 486, 487,
945	488, 489, 490, 511, 517, 495, 496, 498, 499, 500,
946	501, 502, 503, 518, 520, 521, 523, 557, 558, 564,
947	566, 571, 572, 579, 659, 0, 0, 574, 577, 578,
948	581, 0, 683, 0, 584, 0, 0, 586, 587, 588,
949	589, 594, 595, 596, 597, 598, 599, 600, 601, 602,
950	603, 604, 606, 607, 608, 609, 631, 610, 611, 612,
951	613, 614, 615, 616, 617, 618, 628, 629, 0, 630,
952	497, 634, 635, 638, 640, 641, 642, 643, 645, 647,
953	656, 657, 658, 662, 663, 664, 667, 670, 678, 671,
954	673, 674, 679, 681, 682, 685, 0, 688, 689, 0,
955	247, 212, 359, 62, 170, 173, 0, 179, 182, 124,
956	126, 504,
957	};
958	static const YYINT racoonyycheck[] = { 215,
959	216, 217, 90, 91, 452, 340, 258, 259, 260, 259,
960	268, 269, 270, 271, 272, 274, 275, 279, 277, 278,
961	281, 282, 283, 284, 285, 286, 287, 288, 289, 290,
962	291, 292, 572, 339, 294, 295, 296, 297, 342, 331,
963	259, 331, 299, 300, 301, 302, 303, 304, 305, 325,
964	326, 327, 328, 329, 330, 312, 313, 314, 315, 316,
965	317, 318, 373, 257, 321, 322, 323, 261, 337, 263,
966	264, 265, 364, 267, 356, 369, 425, 332, 356, 273,
967	369, 337, 369, 392, 337, 335, 280, 262, 380, 360,
968	361, 362, 414, 415, 337, 338, 306, 307, 308, 293,
969	411, 311, 355, 410, 298, 306, 338, 416, 309, 401,
970	400, 401, 355, 448, 449, 405, 335, 411, 424, 425,
971	424, 414, 411, 355, 411, 410, 64, 410, 66, 414,
972	324, 414, 414, 415, 426, 266, 414, 415, 424, 679,
973	334, 427, 336, 414, 410, 414, 415, 410, 414, 414,
974	426, 414, 414, 319, 320, 410, 395, 396, 425, 415,
975	393, 394, 395, 396, 382, 426, 426, 426, 426, 426,
976	307, 410, 309, 310, 426, 425, 424, 410, 425, 427,
977	425, 395, 396, 306, 307, 308, 309, 381, 71, 383,
978	425, 74, 339, 528, 411, 530, 410, 393, 394, 340,
979	341, 649, 343, 424, 345, 425, 347, 393, 349, 350,
980	351, 352, 353, 354, 414, 415, 357, 358, 359, 421,
981	422, 423, 363, 364, 312, 366, 367, 368, 425, 370,
982	339, 372, 424, 374, 375, 417, 418, 419, 420, 407,
983	408, 409, 414, 384, 385, 386, 387, 388, 389, 390,
984	391, 424, 425, 361, 362, 424, 397, 398, 399, 424,
985	401, 425, 402, 403, 424, 406, 402, 403, 402, 403,
986	414, 424, 411, 411, 355, 410, 425, 427, 411, 411,
987	426, 424, 424, 665, 414, 426, 415, 415, 415, 415,
988	415, 410, 414, 414, 410, 410, 414, 411, 410, 410,
989	410, 414, 371, 410, 410, 410, 426, 424, 410, 410,
990	414, 414, 392, 410, 414, 414, 414, 411, 414, 414,
991	344, 414, 414, 414, 414, 414, 410, 346, 361, 415,
992	355, 48, 414, 73, 206, 659, -1, 355, 219, -1,
993	427, 557, 427, -1, 427, 424, 424, 424, 424, 424,
994	424, 424, 424, 424, 424, 571, 424, 424, 424, 424,
995	424, 424, 424, 424, 424, 424, 424, 424, 424, 424,
996	424, 424, 424, 424, 424, 424, 424, 424, 424, 424,
997	392, 424, 424, 427, 424, 424, 424, 414, 411, 411,
998	411, 411, 424, 424, 411, 410, 424, 411, 411, 425,
999	411, 411, 410, 410, 410, 410, 332, 411, 410, 425,
1000	262, 411, 410, 264, 289, 424, 271, 226, -1, 301,
1001	-1, 424, -1, 414, 414, 424, 332, 424, 424, 424,
1002	424, 424, 424, 410, 414, 424, 424, 424, 424, 424,
1003	424, 424, 424, 414, 414, 414, 414, 410, 410, 424,
1004	424, 410, 410, 414, 427, -1, -1, 424, 424, 424,
1005	424, -1, 678, -1, 424, -1, -1, 424, 424, 424,
1006	424, 424, 424, 424, 424, 424, 424, 424, 424, 424,
1007	424, 424, 424, 424, 424, 424, 410, 424, 424, 424,
1008	424, 424, 424, 424, 424, 424, 424, 424, -1, 424,
1009	408, 424, 424, 424, 424, 424, 424, 424, 424, 424,
1010	424, 424, 424, 424, 424, 424, 414, 424, 410, 424,
1011	424, 424, 410, 424, 424, 424, -1, 424, 424, -1,
1012	425, 425, 425, 424, 424, 424, -1, 424, 424, 424,
1013	424, 421,
1014	};
1015	#define YYFINAL 1
1016	#ifndef YYDEBUG
1017	#define YYDEBUG 0
1018	#endif
1019	#define YYMAXTOKEN 427
1020	#define YYUNDFTOKEN 632
1021	#define YYTRANSLATE(a) ((a) > YYMAXTOKEN ? YYUNDFTOKEN : (a))
1022	#if YYDEBUG
1023	static const char *const racoonyyname[] = {
1024
1025	"end-of-file",0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
1026	0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
1027	0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
1028	0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
1029	0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
1030	0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
1031	0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,"PRIVSEP","USER","GROUP","CHROOT",
1032	"PATH","PATHTYPE","INCLUDE","PFKEY_BUFFER","LOGGING","LOGLEV","PADDING",
1033	"PAD_RANDOMIZE","PAD_RANDOMIZELEN","PAD_MAXLEN","PAD_STRICT","PAD_EXCLTAIL",
1034	"LISTEN","X_ISAKMP","X_ISAKMP_NATT","X_ADMIN","STRICT_ADDRESS","ADMINSOCK",
1035	"DISABLED","LDAPCFG","LDAP_HOST","LDAP_PORT","LDAP_PVER","LDAP_BASE",
1036	"LDAP_BIND_DN","LDAP_BIND_PW","LDAP_SUBTREE","LDAP_ATTR_USER","LDAP_ATTR_ADDR",
1037	"LDAP_ATTR_MASK","LDAP_ATTR_GROUP","LDAP_ATTR_MEMBER","RADCFG","RAD_AUTH",
1038	"RAD_ACCT","RAD_TIMEOUT","RAD_RETRIES","MODECFG","CFG_NET4","CFG_MASK4",
1039	"CFG_DNS4","CFG_NBNS4","CFG_DEFAULT_DOMAIN","CFG_AUTH_SOURCE","CFG_AUTH_GROUPS",
1040	"CFG_SYSTEM","CFG_RADIUS","CFG_PAM","CFG_LDAP","CFG_LOCAL","CFG_NONE",
1041	"CFG_GROUP_SOURCE","CFG_ACCOUNTING","CFG_CONF_SOURCE","CFG_MOTD",
1042	"CFG_POOL_SIZE","CFG_AUTH_THROTTLE","CFG_SPLIT_NETWORK","CFG_SPLIT_LOCAL",
1043	"CFG_SPLIT_INCLUDE","CFG_SPLIT_DNS","CFG_PFS_GROUP","CFG_SAVE_PASSWD","RETRY",
1044	"RETRY_COUNTER","RETRY_INTERVAL","RETRY_PERSEND","RETRY_PHASE1","RETRY_PHASE2",
1045	"NATT_KA","ALGORITHM_CLASS","ALGORITHMTYPE","STRENGTHTYPE","SAINFO","FROM",
1046	"REMOTE","ANONYMOUS","CLIENTADDR","INHERIT","REMOTE_ADDRESS","EXCHANGE_MODE",
1047	"EXCHANGETYPE","DOI","DOITYPE","SITUATION","SITUATIONTYPE","CERTIFICATE_TYPE",
1048	"CERTTYPE","PEERS_CERTFILE","CA_TYPE","VERIFY_CERT","SEND_CERT","SEND_CR",
1049	"MATCH_EMPTY_CR","IDENTIFIERTYPE","IDENTIFIERQUAL","MY_IDENTIFIER",
1050	"PEERS_IDENTIFIER","VERIFY_IDENTIFIER","DNSSEC","CERT_X509","CERT_PLAINRSA",
1051	"NONCE_SIZE","DH_GROUP","KEEPALIVE","PASSIVE","INITIAL_CONTACT","NAT_TRAVERSAL",
1052	"REMOTE_FORCE_LEVEL","PROPOSAL_CHECK","PROPOSAL_CHECK_LEVEL","GENERATE_POLICY",
1053	"GENERATE_LEVEL","SUPPORT_PROXY","PROPOSAL","EXEC_PATH","EXEC_COMMAND",
1054	"EXEC_SUCCESS","EXEC_FAILURE","GSS_ID","GSS_ID_ENC","GSS_ID_ENCTYPE",
1055	"COMPLEX_BUNDLE","DPD","DPD_DELAY","DPD_RETRY","DPD_MAXFAIL","PH1ID",
1056	"XAUTH_LOGIN","WEAK_PHASE1_CHECK","REKEY","PREFIX","PORT","PORTANY","UL_PROTO",
1057	"ANY","IKE_FRAG","ESP_FRAG","MODE_CFG","PFS_GROUP","LIFETIME","LIFETYPE_TIME",
1058	"LIFETYPE_BYTE","STRENGTH","REMOTEID","SCRIPT","PHASE1_UP","PHASE1_DOWN",
1059	"PHASE1_DEAD","NUMBER","SWITCH","BOOLEAN","HEXSTRING","QUOTEDSTRING",
1060	"ADDRSTRING","ADDRRANGE","UNITTYPE_BYTE","UNITTYPE_KBYTES","UNITTYPE_MBYTES",
1061	"UNITTYPE_TBYTES","UNITTYPE_SEC","UNITTYPE_MIN","UNITTYPE_HOUR","EOS","BOC",
1062	"EOC","COMMA",0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
1063	0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
1064	0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
1065	0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
1066	0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
1067	0,0,0,0,0,0,0,0,0,0,0,"illegal-symbol",
1068	};
1069	static const char *const racoonyyrule[] = {
1070	"$accept : statements",
1071	"statements :",
1072	"statements : statements statement",
1073	"statement : privsep_statement",
1074	"statement : path_statement",
1075	"statement : include_statement",
1076	"statement : pfkey_statement",
1077	"statement : gssenc_statement",
1078	"statement : logging_statement",
1079	"statement : padding_statement",
1080	"statement : listen_statement",
1081	"statement : ldapcfg_statement",
1082	"statement : radcfg_statement",
1083	"statement : modecfg_statement",
1084	"statement : timer_statement",
1085	"statement : sainfo_statement",
1086	"statement : remote_statement",
1087	"statement : special_statement",
1088	"privsep_statement : PRIVSEP BOC privsep_stmts EOC",
1089	"privsep_stmts :",
1090	"privsep_stmts : privsep_stmts privsep_stmt",
1091	"$$1 :",
1092	"privsep_stmt : USER QUOTEDSTRING $$1 EOS",
1093	"$$2 :",
1094	"privsep_stmt : USER NUMBER $$2 EOS",
1095	"$$3 :",
1096	"privsep_stmt : GROUP QUOTEDSTRING $$3 EOS",
1097	"$$4 :",
1098	"privsep_stmt : GROUP NUMBER $$4 EOS",
1099	"$$5 :",
1100	"privsep_stmt : CHROOT QUOTEDSTRING $$5 EOS",
1101	"$$6 :",
1102	"path_statement : PATH PATHTYPE QUOTEDSTRING $$6 EOS",
1103	"$$7 :",
1104	"special_statement : COMPLEX_BUNDLE SWITCH $$7 EOS",
1105	"include_statement : INCLUDE QUOTEDSTRING EOS",
1106	"pfkey_statement : PFKEY_BUFFER NUMBER EOS",
1107	"gssenc_statement : GSS_ID_ENC GSS_ID_ENCTYPE EOS",
1108	"logging_statement : LOGGING log_level EOS",
1109	"log_level : LOGLEV",
1110	"padding_statement : PADDING BOC padding_stmts EOC",
1111	"padding_stmts :",
1112	"padding_stmts : padding_stmts padding_stmt",
1113	"$$8 :",
1114	"padding_stmt : PAD_RANDOMIZE SWITCH $$8 EOS",
1115	"$$9 :",
1116	"padding_stmt : PAD_RANDOMIZELEN SWITCH $$9 EOS",
1117	"$$10 :",
1118	"padding_stmt : PAD_MAXLEN NUMBER $$10 EOS",
1119	"$$11 :",
1120	"padding_stmt : PAD_STRICT SWITCH $$11 EOS",
1121	"$$12 :",
1122	"padding_stmt : PAD_EXCLTAIL SWITCH $$12 EOS",
1123	"listen_statement : LISTEN BOC listen_stmts EOC",
1124	"listen_stmts :",
1125	"listen_stmts : listen_stmts listen_stmt",
1126	"$$13 :",
1127	"listen_stmt : X_ISAKMP ike_addrinfo_port $$13 EOS",
1128	"$$14 :",
1129	"listen_stmt : X_ISAKMP_NATT ike_addrinfo_port $$14 EOS",
1130	"$$15 :",
1131	"listen_stmt : ADMINSOCK QUOTEDSTRING QUOTEDSTRING QUOTEDSTRING NUMBER $$15 EOS",
1132	"$$16 :",
1133	"listen_stmt : ADMINSOCK QUOTEDSTRING $$16 EOS",
1134	"$$17 :",
1135	"listen_stmt : ADMINSOCK DISABLED $$17 EOS",
1136	"$$18 :",
1137	"listen_stmt : STRICT_ADDRESS $$18 EOS",
1138	"ike_addrinfo_port : ADDRSTRING ike_port",
1139	"ike_port :",
1140	"ike_port : PORT",
1141	"$$19 :",
1142	"radcfg_statement : RADCFG $$19 BOC radcfg_stmts EOC",
1143	"radcfg_stmts :",
1144	"radcfg_stmts : radcfg_stmts radcfg_stmt",
1145	"$$20 :",
1146	"radcfg_stmt : RAD_AUTH QUOTEDSTRING QUOTEDSTRING $$20 EOS",
1147	"$$21 :",
1148	"radcfg_stmt : RAD_AUTH QUOTEDSTRING NUMBER QUOTEDSTRING $$21 EOS",
1149	"$$22 :",
1150	"radcfg_stmt : RAD_ACCT QUOTEDSTRING QUOTEDSTRING $$22 EOS",
1151	"$$23 :",
1152	"radcfg_stmt : RAD_ACCT QUOTEDSTRING NUMBER QUOTEDSTRING $$23 EOS",
1153	"$$24 :",
1154	"radcfg_stmt : RAD_TIMEOUT NUMBER $$24 EOS",
1155	"$$25 :",
1156	"radcfg_stmt : RAD_RETRIES NUMBER $$25 EOS",
1157	"$$26 :",
1158	"ldapcfg_statement : LDAPCFG $$26 BOC ldapcfg_stmts EOC",
1159	"ldapcfg_stmts :",
1160	"ldapcfg_stmts : ldapcfg_stmts ldapcfg_stmt",
1161	"$$27 :",
1162	"ldapcfg_stmt : LDAP_PVER NUMBER $$27 EOS",
1163	"$$28 :",
1164	"ldapcfg_stmt : LDAP_HOST QUOTEDSTRING $$28 EOS",
1165	"$$29 :",
1166	"ldapcfg_stmt : LDAP_PORT NUMBER $$29 EOS",
1167	"$$30 :",
1168	"ldapcfg_stmt : LDAP_BASE QUOTEDSTRING $$30 EOS",
1169	"$$31 :",
1170	"ldapcfg_stmt : LDAP_SUBTREE SWITCH $$31 EOS",
1171	"$$32 :",
1172	"ldapcfg_stmt : LDAP_BIND_DN QUOTEDSTRING $$32 EOS",
1173	"$$33 :",
1174	"ldapcfg_stmt : LDAP_BIND_PW QUOTEDSTRING $$33 EOS",
1175	"$$34 :",
1176	"ldapcfg_stmt : LDAP_ATTR_USER QUOTEDSTRING $$34 EOS",
1177	"$$35 :",
1178	"ldapcfg_stmt : LDAP_ATTR_ADDR QUOTEDSTRING $$35 EOS",
1179	"$$36 :",
1180	"ldapcfg_stmt : LDAP_ATTR_MASK QUOTEDSTRING $$36 EOS",
1181	"$$37 :",
1182	"ldapcfg_stmt : LDAP_ATTR_GROUP QUOTEDSTRING $$37 EOS",
1183	"$$38 :",
1184	"ldapcfg_stmt : LDAP_ATTR_MEMBER QUOTEDSTRING $$38 EOS",
1185	"modecfg_statement : MODECFG BOC modecfg_stmts EOC",
1186	"modecfg_stmts :",
1187	"modecfg_stmts : modecfg_stmts modecfg_stmt",
1188	"$$39 :",
1189	"modecfg_stmt : CFG_NET4 ADDRSTRING $$39 EOS",
1190	"$$40 :",
1191	"modecfg_stmt : CFG_MASK4 ADDRSTRING $$40 EOS",
1192	"modecfg_stmt : CFG_DNS4 addrdnslist EOS",
1193	"modecfg_stmt : CFG_NBNS4 addrwinslist EOS",
1194	"$$41 :",
1195	"modecfg_stmt : CFG_SPLIT_NETWORK CFG_SPLIT_LOCAL splitnetlist $$41 EOS",
1196	"$$42 :",
1197	"modecfg_stmt : CFG_SPLIT_NETWORK CFG_SPLIT_INCLUDE splitnetlist $$42 EOS",
1198	"$$43 :",
1199	"modecfg_stmt : CFG_SPLIT_DNS splitdnslist $$43 EOS",
1200	"$$44 :",
1201	"modecfg_stmt : CFG_DEFAULT_DOMAIN QUOTEDSTRING $$44 EOS",
1202	"$$45 :",
1203	"modecfg_stmt : CFG_AUTH_SOURCE CFG_SYSTEM $$45 EOS",
1204	"$$46 :",
1205	"modecfg_stmt : CFG_AUTH_SOURCE CFG_RADIUS $$46 EOS",
1206	"$$47 :",
1207	"modecfg_stmt : CFG_AUTH_SOURCE CFG_PAM $$47 EOS",
1208	"$$48 :",
1209	"modecfg_stmt : CFG_AUTH_SOURCE CFG_LDAP $$48 EOS",
1210	"$$49 :",
1211	"modecfg_stmt : CFG_AUTH_GROUPS authgrouplist $$49 EOS",
1212	"$$50 :",
1213	"modecfg_stmt : CFG_GROUP_SOURCE CFG_SYSTEM $$50 EOS",
1214	"$$51 :",
1215	"modecfg_stmt : CFG_GROUP_SOURCE CFG_LDAP $$51 EOS",
1216	"$$52 :",
1217	"modecfg_stmt : CFG_ACCOUNTING CFG_NONE $$52 EOS",
1218	"$$53 :",
1219	"modecfg_stmt : CFG_ACCOUNTING CFG_SYSTEM $$53 EOS",
1220	"$$54 :",
1221	"modecfg_stmt : CFG_ACCOUNTING CFG_RADIUS $$54 EOS",
1222	"$$55 :",
1223	"modecfg_stmt : CFG_ACCOUNTING CFG_PAM $$55 EOS",
1224	"$$56 :",
1225	"modecfg_stmt : CFG_POOL_SIZE NUMBER $$56 EOS",
1226	"$$57 :",
1227	"modecfg_stmt : CFG_PFS_GROUP NUMBER $$57 EOS",
1228	"$$58 :",
1229	"modecfg_stmt : CFG_SAVE_PASSWD SWITCH $$58 EOS",
1230	"$$59 :",
1231	"modecfg_stmt : CFG_AUTH_THROTTLE NUMBER $$59 EOS",
1232	"$$60 :",
1233	"modecfg_stmt : CFG_CONF_SOURCE CFG_LOCAL $$60 EOS",
1234	"$$61 :",
1235	"modecfg_stmt : CFG_CONF_SOURCE CFG_RADIUS $$61 EOS",
1236	"$$62 :",
1237	"modecfg_stmt : CFG_CONF_SOURCE CFG_LDAP $$62 EOS",
1238	"$$63 :",
1239	"modecfg_stmt : CFG_MOTD QUOTEDSTRING $$63 EOS",
1240	"addrdnslist : addrdns",
1241	"addrdnslist : addrdns COMMA addrdnslist",
1242	"addrdns : ADDRSTRING",
1243	"addrwinslist : addrwins",
1244	"addrwinslist : addrwins COMMA addrwinslist",
1245	"addrwins : ADDRSTRING",
1246	"splitnetlist : splitnet",
1247	"splitnetlist : splitnetlist COMMA splitnet",
1248	"splitnet : ADDRSTRING PREFIX",
1249	"authgrouplist : authgroup",
1250	"authgrouplist : authgroup COMMA authgrouplist",
1251	"authgroup : QUOTEDSTRING",
1252	"splitdnslist : splitdns",
1253	"splitdnslist : splitdns COMMA splitdnslist",
1254	"splitdns : QUOTEDSTRING",
1255	"timer_statement : RETRY BOC timer_stmts EOC",
1256	"timer_stmts :",
1257	"timer_stmts : timer_stmts timer_stmt",
1258	"$$64 :",
1259	"timer_stmt : RETRY_COUNTER NUMBER $$64 EOS",
1260	"$$65 :",
1261	"timer_stmt : RETRY_INTERVAL NUMBER unittype_time $$65 EOS",
1262	"$$66 :",
1263	"timer_stmt : RETRY_PERSEND NUMBER $$66 EOS",
1264	"$$67 :",
1265	"timer_stmt : RETRY_PHASE1 NUMBER unittype_time $$67 EOS",
1266	"$$68 :",
1267	"timer_stmt : RETRY_PHASE2 NUMBER unittype_time $$68 EOS",
1268	"$$69 :",
1269	"timer_stmt : NATT_KA NUMBER unittype_time $$69 EOS",
1270	"$$70 :",
1271	"$$71 :",
1272	"sainfo_statement : SAINFO $$70 sainfo_name sainfo_param BOC sainfo_specs $$71 EOC",
1273	"sainfo_name : ANONYMOUS",
1274	"sainfo_name : ANONYMOUS CLIENTADDR",
1275	"sainfo_name : ANONYMOUS sainfo_id",
1276	"sainfo_name : sainfo_id ANONYMOUS",
1277	"sainfo_name : sainfo_id CLIENTADDR",
1278	"sainfo_name : sainfo_id sainfo_id",
1279	"sainfo_id : IDENTIFIERTYPE ADDRSTRING prefix port ul_proto",
1280	"sainfo_id : IDENTIFIERTYPE ADDRSTRING ADDRRANGE prefix port ul_proto",
1281	"sainfo_id : IDENTIFIERTYPE QUOTEDSTRING",
1282	"sainfo_param :",
1283	"sainfo_param : FROM IDENTIFIERTYPE identifierstring",
1284	"sainfo_param : GROUP QUOTEDSTRING",
1285	"sainfo_specs :",
1286	"sainfo_specs : sainfo_specs sainfo_spec",
1287	"$$72 :",
1288	"sainfo_spec : PFS_GROUP dh_group_num $$72 EOS",
1289	"$$73 :",
1290	"sainfo_spec : REMOTEID NUMBER $$73 EOS",
1291	"$$74 :",
1292	"sainfo_spec : LIFETIME LIFETYPE_TIME NUMBER unittype_time $$74 EOS",
1293	"$$75 :",
1294	"sainfo_spec : LIFETIME LIFETYPE_BYTE NUMBER unittype_byte $$75 EOS",
1295	"$$76 :",
1296	"sainfo_spec : ALGORITHM_CLASS $$76 algorithms EOS",
1297	"algorithms : algorithm",
1298	"$$77 :",
1299	"algorithms : algorithm $$77 COMMA algorithms",
1300	"algorithm : ALGORITHMTYPE keylength",
1301	"prefix :",
1302	"prefix : PREFIX",
1303	"port :",
1304	"port : PORT",
1305	"port : PORTANY",
1306	"ul_proto : NUMBER",
1307	"ul_proto : UL_PROTO",
1308	"ul_proto : ANY",
1309	"keylength :",
1310	"keylength : NUMBER",
1311	"$$78 :",
1312	"remote_statement : REMOTE QUOTEDSTRING INHERIT QUOTEDSTRING $$78 remote_specs_inherit_block",
1313	"$$79 :",
1314	"remote_statement : REMOTE QUOTEDSTRING $$79 remote_specs_block",
1315	"$$80 :",
1316	"remote_statement : REMOTE remote_index INHERIT remote_index $$80 remote_specs_inherit_block",
1317	"$$81 :",
1318	"remote_statement : REMOTE remote_index $$81 remote_specs_block",
1319	"remote_specs_inherit_block : remote_specs_block",
1320	"remote_specs_inherit_block : EOS",
1321	"remote_specs_block : BOC remote_specs EOC",
1322	"remote_index : ANONYMOUS ike_port",
1323	"remote_index : ike_addrinfo_port",
1324	"remote_specs :",
1325	"remote_specs : remote_specs remote_spec",
1326	"$$82 :",
1327	"remote_spec : REMOTE_ADDRESS ike_addrinfo_port $$82 EOS",
1328	"$$83 :",
1329	"remote_spec : EXCHANGE_MODE $$83 exchange_types EOS",
1330	"$$84 :",
1331	"remote_spec : DOI DOITYPE $$84 EOS",
1332	"$$85 :",
1333	"remote_spec : SITUATION SITUATIONTYPE $$85 EOS",
1334	"remote_spec : CERTIFICATE_TYPE cert_spec",
1335	"$$86 :",
1336	"remote_spec : PEERS_CERTFILE QUOTEDSTRING $$86 EOS",
1337	"$$87 :",
1338	"remote_spec : PEERS_CERTFILE CERT_X509 QUOTEDSTRING $$87 EOS",
1339	"$$88 :",
1340	"remote_spec : PEERS_CERTFILE CERT_PLAINRSA QUOTEDSTRING $$88 EOS",
1341	"$$89 :",
1342	"remote_spec : PEERS_CERTFILE DNSSEC $$89 EOS",
1343	"$$90 :",
1344	"remote_spec : CA_TYPE CERT_X509 QUOTEDSTRING $$90 EOS",
1345	"$$91 :",
1346	"remote_spec : VERIFY_CERT SWITCH $$91 EOS",
1347	"$$92 :",
1348	"remote_spec : SEND_CERT SWITCH $$92 EOS",
1349	"$$93 :",
1350	"remote_spec : SEND_CR SWITCH $$93 EOS",
1351	"$$94 :",
1352	"remote_spec : MATCH_EMPTY_CR SWITCH $$94 EOS",
1353	"$$95 :",
1354	"remote_spec : MY_IDENTIFIER IDENTIFIERTYPE identifierstring $$95 EOS",
1355	"$$96 :",
1356	"remote_spec : MY_IDENTIFIER IDENTIFIERTYPE IDENTIFIERQUAL identifierstring $$96 EOS",
1357	"$$97 :",
1358	"remote_spec : XAUTH_LOGIN identifierstring $$97 EOS",
1359	"$$98 :",
1360	"remote_spec : PEERS_IDENTIFIER IDENTIFIERTYPE identifierstring $$98 EOS",
1361	"$$99 :",
1362	"remote_spec : PEERS_IDENTIFIER IDENTIFIERTYPE IDENTIFIERQUAL identifierstring $$99 EOS",
1363	"$$100 :",
1364	"remote_spec : VERIFY_IDENTIFIER SWITCH $$100 EOS",
1365	"$$101 :",
1366	"remote_spec : NONCE_SIZE NUMBER $$101 EOS",
1367	"$$102 :",
1368	"remote_spec : DH_GROUP $$102 dh_group_num EOS",
1369	"$$103 :",
1370	"remote_spec : PASSIVE SWITCH $$103 EOS",
1371	"$$104 :",
1372	"remote_spec : IKE_FRAG SWITCH $$104 EOS",
1373	"$$105 :",
1374	"remote_spec : IKE_FRAG REMOTE_FORCE_LEVEL $$105 EOS",
1375	"$$106 :",
1376	"remote_spec : ESP_FRAG NUMBER $$106 EOS",
1377	"$$107 :",
1378	"remote_spec : SCRIPT QUOTEDSTRING PHASE1_UP $$107 EOS",
1379	"$$108 :",
1380	"remote_spec : SCRIPT QUOTEDSTRING PHASE1_DOWN $$108 EOS",
1381	"$$109 :",
1382	"remote_spec : SCRIPT QUOTEDSTRING PHASE1_DEAD $$109 EOS",
1383	"$$110 :",
1384	"remote_spec : MODE_CFG SWITCH $$110 EOS",
1385	"$$111 :",
1386	"remote_spec : WEAK_PHASE1_CHECK SWITCH $$111 EOS",
1387	"$$112 :",
1388	"remote_spec : GENERATE_POLICY SWITCH $$112 EOS",
1389	"$$113 :",
1390	"remote_spec : GENERATE_POLICY GENERATE_LEVEL $$113 EOS",
1391	"$$114 :",
1392	"remote_spec : SUPPORT_PROXY SWITCH $$114 EOS",
1393	"$$115 :",
1394	"remote_spec : INITIAL_CONTACT SWITCH $$115 EOS",
1395	"$$116 :",
1396	"remote_spec : NAT_TRAVERSAL SWITCH $$116 EOS",
1397	"$$117 :",
1398	"remote_spec : NAT_TRAVERSAL REMOTE_FORCE_LEVEL $$117 EOS",
1399	"$$118 :",
1400	"remote_spec : DPD SWITCH $$118 EOS",
1401	"$$119 :",
1402	"remote_spec : DPD_DELAY NUMBER $$119 EOS",
1403	"$$120 :",
1404	"remote_spec : DPD_RETRY NUMBER $$120 EOS",
1405	"$$121 :",
1406	"remote_spec : DPD_MAXFAIL NUMBER $$121 EOS",
1407	"$$122 :",
1408	"remote_spec : REKEY SWITCH $$122 EOS",
1409	"$$123 :",
1410	"remote_spec : REKEY REMOTE_FORCE_LEVEL $$123 EOS",
1411	"$$124 :",
1412	"remote_spec : PH1ID NUMBER $$124 EOS",
1413	"$$125 :",
1414	"remote_spec : LIFETIME LIFETYPE_TIME NUMBER unittype_time $$125 EOS",
1415	"$$126 :",
1416	"remote_spec : PROPOSAL_CHECK PROPOSAL_CHECK_LEVEL $$126 EOS",
1417	"$$127 :",
1418	"remote_spec : LIFETIME LIFETYPE_BYTE NUMBER unittype_byte $$127 EOS",
1419	"$$128 :",
1420	"remote_spec : PROPOSAL $$128 BOC isakmpproposal_specs EOC",
1421	"exchange_types :",
1422	"exchange_types : exchange_types EXCHANGETYPE",
1423	"$$129 :",
1424	"cert_spec : CERT_X509 QUOTEDSTRING QUOTEDSTRING $$129 EOS",
1425	"$$130 :",
1426	"cert_spec : CERT_PLAINRSA QUOTEDSTRING $$130 EOS",
1427	"dh_group_num : ALGORITHMTYPE",
1428	"dh_group_num : NUMBER",
1429	"identifierstring :",
1430	"identifierstring : ADDRSTRING",
1431	"identifierstring : QUOTEDSTRING",
1432	"isakmpproposal_specs :",
1433	"isakmpproposal_specs : isakmpproposal_specs isakmpproposal_spec",
1434	"$$131 :",
1435	"isakmpproposal_spec : LIFETIME LIFETYPE_TIME NUMBER unittype_time $$131 EOS",
1436	"$$132 :",
1437	"isakmpproposal_spec : LIFETIME LIFETYPE_BYTE NUMBER unittype_byte $$132 EOS",
1438	"$$133 :",
1439	"isakmpproposal_spec : DH_GROUP dh_group_num $$133 EOS",
1440	"$$134 :",
1441	"isakmpproposal_spec : GSS_ID QUOTEDSTRING $$134 EOS",
1442	"$$135 :",
1443	"isakmpproposal_spec : ALGORITHM_CLASS ALGORITHMTYPE keylength $$135 EOS",
1444	"unittype_time : UNITTYPE_SEC",
1445	"unittype_time : UNITTYPE_MIN",
1446	"unittype_time : UNITTYPE_HOUR",
1447	"unittype_byte : UNITTYPE_BYTE",
1448	"unittype_byte : UNITTYPE_KBYTES",
1449	"unittype_byte : UNITTYPE_MBYTES",
1450	"unittype_byte : UNITTYPE_TBYTES",
1451
1452	};
1453	#endif
1454
1455	int yydebug;
1456	int yynerrs;
1457
1458	int yyerrflag;
1459	int yychar;
1460	YYSTYPE yyval;
1461	YYSTYPE yylval;
1462
1463	/* define the initial stack-sizes */
1464	#ifdef YYSTACKSIZE
1465	#undef YYMAXDEPTH
1466	#define YYMAXDEPTH YYSTACKSIZE
1467	#else
1468	#ifdef YYMAXDEPTH
1469	#define YYSTACKSIZE YYMAXDEPTH
1470	#else
1471	#define YYSTACKSIZE 10000
1472	#define YYMAXDEPTH 10000
1473	#endif
1474	#endif
1475
1476	#define YYINITSTACKSIZE 200
1477
1478	typedef struct {
1479	unsigned stacksize;
1480	YYINT *s_base;
1481	YYINT *s_mark;
1482	YYINT *s_last;
1483	YYSTYPE *l_base;
1484	YYSTYPE *l_mark;
1485	} YYSTACKDATA;
1486	/* variables for the parser stack */
1487	static YYSTACKDATA yystack;
1488	#line 2399 "../../ipsec-tools/src/racoon/cfparse.y"
1489
1490	static struct secprotospec *
1491	newspspec()
1492	{
1493	struct secprotospec *new;
1494
1495	new = racoon_calloc(1, sizeof(*new));
1496	if (new == NULL) {
1497	yyerror("failed to allocate spproto");
1498	return NULL;
1499	}
1500
1501	new->encklen = 0; /XXX/
1502
1503	/*
1504	* Default to "uknown" vendor -- we will override this
1505	* as necessary. When we send a Vendor ID payload, an
1506	* "unknown" will be translated to a KAME/racoon ID.
1507	*/
1508	new->vendorid = VENDORID_UNKNOWN;
1509
1510	return new;
1511	}
1512
1513	/*
1514	* insert into head of list.
1515	*/
1516	static void
1517	insspspec(rmconf, spspec)
1518	struct remoteconf *rmconf;
1519	struct secprotospec *spspec;
1520	{
1521	if (rmconf->spspec != NULL)
1522	rmconf->spspec->prev = spspec;
1523	spspec->next = rmconf->spspec;
1524	rmconf->spspec = spspec;
1525	}
1526
1527	static struct secprotospec *
1528	dupspspec(spspec)
1529	struct secprotospec *spspec;
1530	{
1531	struct secprotospec *new;
1532
1533	new = newspspec();
1534	if (new == NULL) {
1535	plog(LLV_ERROR, LOCATION, NULL,
1536	"dupspspec: malloc failed\n");
1537	return NULL;
1538	}
1539	memcpy(new, spspec, sizeof(*new));
1540
1541	if (spspec->gssid) {
1542	new->gssid = racoon_strdup(spspec->gssid);
1543	STRDUP_FATAL(new->gssid);
1544	}
1545	if (spspec->remote) {
1546	new->remote = racoon_malloc(sizeof(*new->remote));
1547	if (new->remote == NULL) {
1548	plog(LLV_ERROR, LOCATION, NULL,
1549	"dupspspec: malloc failed (remote)\n");
1550	return NULL;
1551	}
1552	memcpy(new->remote, spspec->remote, sizeof(*new->remote));
1553	}
1554
1555	return new;
1556	}
1557
1558	/*
1559	* copy the whole list
1560	*/
1561	void
1562	dupspspec_list(dst, src)
1563	struct remoteconf dst, src;
1564	{
1565	struct secprotospec p, new, *last;
1566
1567	for(p = src->spspec, last = NULL; p; p = p->next, last = new) {
1568	new = dupspspec(p);
1569	if (new == NULL)
1570	exit(1);
1571
1572	new->prev = last;
1573	new->next = NULL; /* not necessary but clean */
1574
1575	if (last)
1576	last->next = new;
1577	else /* first element */
1578	dst->spspec = new;
1579
1580	}
1581	}
1582
1583	/*
1584	* delete the whole list
1585	*/
1586	void
1587	flushspspec(rmconf)
1588	struct remoteconf *rmconf;
1589	{
1590	struct secprotospec *p;
1591
1592	while(rmconf->spspec != NULL) {
1593	p = rmconf->spspec;
1594	rmconf->spspec = p->next;
1595	if (p->next != NULL)
1596	p->next->prev = NULL; /* not necessary but clean */
1597
1598	if (p->gssid)
1599	racoon_free(p->gssid);
1600	if (p->remote)
1601	racoon_free(p->remote);
1602	racoon_free(p);
1603	}
1604	rmconf->spspec = NULL;
1605	}
1606
1607	/* set final acceptable proposal */
1608	static int
1609	set_isakmp_proposal(rmconf)
1610	struct remoteconf *rmconf;
1611	{
1612	struct secprotospec *s;
1613	int prop_no = 1;
1614	int trns_no = 1;
1615	int32_t types[MAXALGCLASS];
1616
1617	/* mandatory check */
1618	if (rmconf->spspec == NULL) {
1619	yyerror("no remote specification found: %s.\n",
1620	saddr2str(rmconf->remote));
1621	return -1;
1622	}
1623	for (s = rmconf->spspec; s != NULL; s = s->next) {
1624	/* XXX need more to check */
1625	if (s->algclass[algclass_isakmp_enc] == 0) {
1626	yyerror("encryption algorithm required.");
1627	return -1;
1628	}
1629	if (s->algclass[algclass_isakmp_hash] == 0) {
1630	yyerror("hash algorithm required.");
1631	return -1;
1632	}
1633	if (s->algclass[algclass_isakmp_dh] == 0) {
1634	yyerror("DH group required.");
1635	return -1;
1636	}
1637	if (s->algclass[algclass_isakmp_ameth] == 0) {
1638	yyerror("authentication method required.");
1639	return -1;
1640	}
1641	}
1642
1643	/* skip to last part */
1644	for (s = rmconf->spspec; s->next != NULL; s = s->next)
1645	;
1646
1647	while (s != NULL) {
1648	plog(LLV_DEBUG2, LOCATION, NULL,
1649	"lifetime = %ld\n", (long)
1650	(s->lifetime ? s->lifetime : rmconf->lifetime));
1651	plog(LLV_DEBUG2, LOCATION, NULL,
1652	"lifebyte = %d\n",
1653	s->lifebyte ? s->lifebyte : rmconf->lifebyte);
1654	plog(LLV_DEBUG2, LOCATION, NULL,
1655	"encklen=%d\n", s->encklen);
1656
1657	memset(types, 0, ARRAYLEN(types));
1658	types[algclass_isakmp_enc] = s->algclass[algclass_isakmp_enc];
1659	types[algclass_isakmp_hash] = s->algclass[algclass_isakmp_hash];
1660	types[algclass_isakmp_dh] = s->algclass[algclass_isakmp_dh];
1661	types[algclass_isakmp_ameth] =
1662	s->algclass[algclass_isakmp_ameth];
1663
1664	/* expanding spspec */
1665	clean_tmpalgtype();
1666	trns_no = expand_isakmpspec(prop_no, trns_no, types,
1667	algclass_isakmp_enc, algclass_isakmp_ameth + 1,
1668	s->lifetime ? s->lifetime : rmconf->lifetime,
1669	s->lifebyte ? s->lifebyte : rmconf->lifebyte,
1670	s->encklen, s->vendorid, s->gssid,
1671	rmconf);
1672	if (trns_no == -1) {
1673	plog(LLV_ERROR, LOCATION, NULL,
1674	"failed to expand isakmp proposal.\n");
1675	return -1;
1676	}
1677
1678	s = s->prev;
1679	}
1680
1681	if (rmconf->proposal == NULL) {
1682	plog(LLV_ERROR, LOCATION, NULL,
1683	"no proposal found.\n");
1684	return -1;
1685	}
1686
1687	return 0;
1688	}
1689
1690	static void
1691	clean_tmpalgtype()
1692	{
1693	int i;
1694	for (i = 0; i < MAXALGCLASS; i++)
1695	tmpalgtype[i] = 0; /* means algorithm undefined. */
1696	}
1697
1698	static int
1699	expand_isakmpspec(prop_no, trns_no, types,
1700	class, last, lifetime, lifebyte, encklen, vendorid, gssid,
1701	rmconf)
1702	int prop_no, trns_no;
1703	int *types, class, last;
1704	time_t lifetime;
1705	int lifebyte;
1706	int encklen;
1707	int vendorid;
1708	char *gssid;
1709	struct remoteconf *rmconf;
1710	{
1711	struct isakmpsa *new;
1712
1713	/* debugging */
1714	{
1715	int j;
1716	char tb[10];
1717	plog(LLV_DEBUG2, LOCATION, NULL,
1718	"p:%d t:%d\n", prop_no, trns_no);
1719	for (j = class; j < MAXALGCLASS; j++) {
1720	snprintf(tb, sizeof(tb), "%d", types[j]);
1721	plog(LLV_DEBUG2, LOCATION, NULL,
1722	"%s%s%s%s\n",
1723	s_algtype(j, types[j]),
1724	types[j] ? "(" : "",
1725	tb[0] == '0' ? "" : tb,
1726	types[j] ? ")" : "");
1727	}
1728	plog(LLV_DEBUG2, LOCATION, NULL, "\n");
1729	}
1730
1731	#define TMPALGTYPE2STR(n) \
1732	s_algtype(algclass_isakmp_##n, types[algclass_isakmp_##n])
1733	/* check mandatory values */
1734	if (types[algclass_isakmp_enc] == 0
1735	\|\| types[algclass_isakmp_ameth] == 0
1736	\|\| types[algclass_isakmp_hash] == 0
1737	\|\| types[algclass_isakmp_dh] == 0) {
1738	yyerror("few definition of algorithm "
1739	"enc=%s ameth=%s hash=%s dhgroup=%s.\n",
1740	TMPALGTYPE2STR(enc),
1741	TMPALGTYPE2STR(ameth),
1742	TMPALGTYPE2STR(hash),
1743	TMPALGTYPE2STR(dh));
1744	return -1;
1745	}
1746	#undef TMPALGTYPE2STR
1747
1748	/* set new sa */
1749	new = newisakmpsa();
1750	if (new == NULL) {
1751	yyerror("failed to allocate isakmp sa");
1752	return -1;
1753	}
1754	new->prop_no = prop_no;
1755	new->trns_no = trns_no++;
1756	new->lifetime = lifetime;
1757	new->lifebyte = lifebyte;
1758	new->enctype = types[algclass_isakmp_enc];
1759	new->encklen = encklen;
1760	new->authmethod = types[algclass_isakmp_ameth];
1761	new->hashtype = types[algclass_isakmp_hash];
1762	new->dh_group = types[algclass_isakmp_dh];
1763	new->vendorid = vendorid;
1764	#ifdef HAVE_GSSAPI
1765	if (new->authmethod == OAKLEY_ATTR_AUTH_METHOD_GSSAPI_KRB) {
1766	if (gssid != NULL) {
1767	if ((new->gssid = vmalloc(strlen(gssid))) == NULL) {
1768	racoon_free(new);
1769	yyerror("failed to allocate gssid");
1770	return -1;
1771	}
1772	memcpy(new->gssid->v, gssid, new->gssid->l);
1773	racoon_free(gssid);
1774	} else {
1775	/*
1776	* Allocate the default ID so that it gets put
1777	* into a GSS ID attribute during the Phase 1
1778	* exchange.
1779	*/
1780	new->gssid = gssapi_get_default_gss_id();
1781	}
1782	}
1783	#endif
1784	insisakmpsa(new, rmconf);
1785
1786	return trns_no;
1787	}
1788
1789	#if 0
1790	/*
1791	* fix lifebyte.
1792	* Must be more than 1024B because its unit is kilobytes.
1793	* That is defined RFC2407.
1794	*/
1795	static int
1796	fix_lifebyte(t)
1797	unsigned long t;
1798	{
1799	if (t < 1024) {
1800	yyerror("byte size should be more than 1024B.");
1801	return 0;
1802	}
1803
1804	return(t / 1024);
1805	}
1806	#endif
1807
1808	int
1809	cfparse()
1810	{
1811	int error;
1812
1813	yyerrorcount = 0;
1814	yycf_init_buffer();
1815
1816	if (yycf_switch_buffer(lcconf->racoon_conf) != 0) {
1817	plog(LLV_ERROR, LOCATION, NULL,
1818	"could not read configuration file \"%s\"\n",
1819	lcconf->racoon_conf);
1820	return -1;
1821	}
1822
1823	error = yyparse();
1824	if (error != 0) {
1825	if (yyerrorcount) {
1826	plog(LLV_ERROR, LOCATION, NULL,
1827	"fatal parse failure (%d errors)\n",
1828	yyerrorcount);
1829	} else {
1830	plog(LLV_ERROR, LOCATION, NULL,
1831	"fatal parse failure.\n");
1832	}
1833	return -1;
1834	}
1835
1836	if (error == 0 && yyerrorcount) {
1837	plog(LLV_ERROR, LOCATION, NULL,
1838	"parse error is nothing, but yyerrorcount is %d.\n",
1839	yyerrorcount);
1840	exit(1);
1841	}
1842
1843	yycf_clean_buffer();
1844
1845	plog(LLV_DEBUG2, LOCATION, NULL, "parse successed.\n");
1846
1847	return 0;
1848	}
1849
1850	int
1851	cfreparse()
1852	{
1853	flushph2();
1854	flushph1();
1855	flushrmconf();
1856	flushsainfo();
1857	clean_tmpalgtype();
1858	return(cfparse());
1859	}
1860
1861	#ifdef ENABLE_ADMINPORT
1862	static void
1863	adminsock_conf(path, owner, group, mode_dec)
1864	vchar_t *path;
1865	vchar_t *owner;
1866	vchar_t *group;
1867	int mode_dec;
1868	{
1869	struct passwd *pw = NULL;
1870	struct group *gr = NULL;
1871	mode_t mode = 0;
1872	uid_t uid;
1873	gid_t gid;
1874	int isnum;
1875
1876	adminsock_path = path->v;
1877
1878	if (owner == NULL)
1879	return;
1880
1881	errno = 0;
1882	uid = atoi(owner->v);
1883	isnum = !errno;
1884	if (((pw = getpwnam(owner->v)) == NULL) && !isnum)
1885	yyerror("User \"%s\" does not exist", owner->v);
1886
1887	if (pw)
1888	adminsock_owner = pw->pw_uid;
1889	else
1890	adminsock_owner = uid;
1891
1892	if (group == NULL)
1893	return;
1894
1895	errno = 0;
1896	gid = atoi(group->v);
1897	isnum = !errno;
1898	if (((gr = getgrnam(group->v)) == NULL) && !isnum)
1899	yyerror("Group \"%s\" does not exist", group->v);
1900
1901	if (gr)
1902	adminsock_group = gr->gr_gid;
1903	else
1904	adminsock_group = gid;
1905
1906	if (mode_dec == -1)
1907	return;
1908
1909	if (mode_dec > 777)
1910	yyerror("Mode 0%03o is invalid", mode_dec);
1911	if (mode_dec >= 400) { mode += 0400; mode_dec -= 400; }
1912	if (mode_dec >= 200) { mode += 0200; mode_dec -= 200; }
1913	if (mode_dec >= 100) { mode += 0200; mode_dec -= 100; }
1914
1915	if (mode_dec > 77)
1916	yyerror("Mode 0%03o is invalid", mode_dec);
1917	if (mode_dec >= 40) { mode += 040; mode_dec -= 40; }
1918	if (mode_dec >= 20) { mode += 020; mode_dec -= 20; }
1919	if (mode_dec >= 10) { mode += 020; mode_dec -= 10; }
1920
1921	if (mode_dec > 7)
1922	yyerror("Mode 0%03o is invalid", mode_dec);
1923	if (mode_dec >= 4) { mode += 04; mode_dec -= 4; }
1924	if (mode_dec >= 2) { mode += 02; mode_dec -= 2; }
1925	if (mode_dec >= 1) { mode += 02; mode_dec -= 1; }
1926
1927	adminsock_mode = mode;
1928
1929	return;
1930	}
1931	#endif
1932	#line 1933 "racoonyy.tab.c"
1933
1934	#if YYDEBUG
1935	#include <stdio.h> /* needed for printf */
1936	#endif
1937
1938	#include <stdlib.h> /* needed for malloc, etc */
1939	#include <string.h> /* needed for memset */
1940
1941	/* allocate initial stack or double stack size, up to YYMAXDEPTH */
1942	static int yygrowstack(YYSTACKDATA *data)
1943	{
1944	int i;
1945	unsigned newsize;
1946	YYINT *newss;
1947	YYSTYPE *newvs;
1948
1949	if ((newsize = data->stacksize) == 0)
1950	newsize = YYINITSTACKSIZE;
1951	else if (newsize >= YYMAXDEPTH)
1952	return YYENOMEM;
1953	else if ((newsize *= 2) > YYMAXDEPTH)
1954	newsize = YYMAXDEPTH;
1955
1956	i = (int) (data->s_mark - data->s_base);
1957	newss = (YYINT )realloc(data->s_base, newsize sizeof(*newss));
1958	if (newss == 0)
1959	return YYENOMEM;
1960
1961	data->s_base = newss;
1962	data->s_mark = newss + i;
1963
1964	newvs = (YYSTYPE )realloc(data->l_base, newsize sizeof(*newvs));
1965	if (newvs == 0)
1966	return YYENOMEM;
1967
1968	data->l_base = newvs;
1969	data->l_mark = newvs + i;
1970
1971	data->stacksize = newsize;
1972	data->s_last = data->s_base + newsize - 1;
1973	return 0;
1974	}
1975
1976	#if YYPURE \|\| defined(YY_NO_LEAKS)
1977	static void yyfreestack(YYSTACKDATA *data)
1978	{
1979	free(data->s_base);
1980	free(data->l_base);
1981	memset(data, 0, sizeof(*data));
1982	}
1983	#else
1984	#define yyfreestack(data) /* nothing */
1985	#endif
1986
1987	#define YYABORT goto yyabort
1988	#define YYREJECT goto yyabort
1989	#define YYACCEPT goto yyaccept
1990	#define YYERROR goto yyerrlab
1991
1992	int
1993	YYPARSE_DECL()
1994	{
1995	int yym, yyn, yystate;
1996	#if YYDEBUG
1997	const char *yys;
1998
1999	if ((yys = getenv("YYDEBUG")) != 0)
2000	{
2001	yyn = *yys;
2002	if (yyn >= '0' && yyn <= '9')
2003	yydebug = yyn - '0';
2004	}
2005	#endif
2006
2007	yym = 0;
2008	yyn = 0;
2009	yynerrs = 0;
2010	yyerrflag = 0;
2011	yychar = YYEMPTY;
2012	yystate = 0;
2013
2014	#if YYPURE
2015	memset(&yystack, 0, sizeof(yystack));
2016	#endif
2017
2018	if (yystack.s_base == NULL && yygrowstack(&yystack) == YYENOMEM) goto yyoverflow;
2019	yystack.s_mark = yystack.s_base;
2020	yystack.l_mark = yystack.l_base;
2021	yystate = 0;
2022	*yystack.s_mark = 0;
2023
2024	yyloop:
2025	if ((yyn = yydefred[yystate]) != 0) goto yyreduce;
2026	if (yychar < 0)
2027	{
2028	yychar = YYLEX;
2029	if (yychar < 0) yychar = YYEOF;
2030	#if YYDEBUG
2031	if (yydebug)
2032	{
2033	if ((yys = yyname[YYTRANSLATE(yychar)]) == NULL) yys = yyname[YYUNDFTOKEN];
2034	printf("%sdebug: state %d, reading %d (%s)\n",
2035	YYPREFIX, yystate, yychar, yys);
2036	}
2037	#endif
2038	}
2039	if (((yyn = yysindex[yystate]) != 0) && (yyn += yychar) >= 0 &&
2040	yyn <= YYTABLESIZE && yycheck[yyn] == (YYINT) yychar)
2041	{
2042	#if YYDEBUG
2043	if (yydebug)
2044	printf("%sdebug: state %d, shifting to state %d\n",
2045	YYPREFIX, yystate, yytable[yyn]);
2046	#endif
2047	if (yystack.s_mark >= yystack.s_last && yygrowstack(&yystack) == YYENOMEM) goto yyoverflow;
2048	yystate = yytable[yyn];
2049	*++yystack.s_mark = yytable[yyn];
2050	*++yystack.l_mark = yylval;
2051	yychar = YYEMPTY;
2052	if (yyerrflag > 0) --yyerrflag;
2053	goto yyloop;
2054	}
2055	if (((yyn = yyrindex[yystate]) != 0) && (yyn += yychar) >= 0 &&
2056	yyn <= YYTABLESIZE && yycheck[yyn] == (YYINT) yychar)
2057	{
2058	yyn = yytable[yyn];
2059	goto yyreduce;
2060	}
2061	if (yyerrflag != 0) goto yyinrecovery;
2062
2063	YYERROR_CALL("syntax error");
2064
2065	goto yyerrlab; /* redundant goto avoids 'unused label' warning */
2066	yyerrlab:
2067	++yynerrs;
2068
2069	yyinrecovery:
2070	if (yyerrflag < 3)
2071	{
2072	yyerrflag = 3;
2073	for (;;)
2074	{
2075	if (((yyn = yysindex[*yystack.s_mark]) != 0) && (yyn += YYERRCODE) >= 0 &&
2076	yyn <= YYTABLESIZE && yycheck[yyn] == (YYINT) YYERRCODE)
2077	{
2078	#if YYDEBUG
2079	if (yydebug)
2080	printf("%sdebug: state %d, error recovery shifting\
2081	to state %d\n", YYPREFIX, *yystack.s_mark, yytable[yyn]);
2082	#endif
2083	if (yystack.s_mark >= yystack.s_last && yygrowstack(&yystack) == YYENOMEM) goto yyoverflow;
2084	yystate = yytable[yyn];
2085	*++yystack.s_mark = yytable[yyn];
2086	*++yystack.l_mark = yylval;
2087	goto yyloop;
2088	}
2089	else
2090	{
2091	#if YYDEBUG
2092	if (yydebug)
2093	printf("%sdebug: error recovery discarding state %d\n",
2094	YYPREFIX, *yystack.s_mark);
2095	#endif
2096	if (yystack.s_mark <= yystack.s_base) goto yyabort;
2097	--yystack.s_mark;
2098	--yystack.l_mark;
2099	}
2100	}
2101	}
2102	else
2103	{
2104	if (yychar == YYEOF) goto yyabort;
2105	#if YYDEBUG
2106	if (yydebug)
2107	{
2108	if ((yys = yyname[YYTRANSLATE(yychar)]) == NULL) yys = yyname[YYUNDFTOKEN];
2109	printf("%sdebug: state %d, error recovery discards token %d (%s)\n",
2110	YYPREFIX, yystate, yychar, yys);
2111	}
2112	#endif
2113	yychar = YYEMPTY;
2114	goto yyloop;
2115	}
2116
2117	yyreduce:
2118	#if YYDEBUG
2119	if (yydebug)
2120	printf("%sdebug: state %d, reducing by rule %d (%s)\n",
2121	YYPREFIX, yystate, yyn, yyrule[yyn]);
2122	#endif
2123	yym = yylen[yyn];
2124	if (yym > 0)
2125	yyval = yystack.l_mark[1-yym];
2126	else
2127	memset(&yyval, 0, sizeof yyval);
2128
2129	switch (yyn)
2130	{
2131	case 21:
2132	#line 368 "../../ipsec-tools/src/racoon/cfparse.y"
2133	{
2134	struct passwd *pw;
2135
2136	if ((pw = getpwnam(yystack.l_mark[0].val->v)) == NULL) {
2137	yyerror("unknown user \"%s\"", yystack.l_mark[0].val->v);
2138	return -1;
2139	}
2140	lcconf->uid = pw->pw_uid;
2141	}
2142	break;
2143	case 23:
2144	#line 378 "../../ipsec-tools/src/racoon/cfparse.y"
2145	{ lcconf->uid = yystack.l_mark[0].num; }
2146	break;
2147	case 25:
2148	#line 380 "../../ipsec-tools/src/racoon/cfparse.y"
2149	{
2150	struct group *gr;
2151
2152	if ((gr = getgrnam(yystack.l_mark[0].val->v)) == NULL) {
2153	yyerror("unknown group \"%s\"", yystack.l_mark[0].val->v);
2154	return -1;
2155	}
2156	lcconf->gid = gr->gr_gid;
2157	}
2158	break;
2159	case 27:
2160	#line 390 "../../ipsec-tools/src/racoon/cfparse.y"
2161	{ lcconf->gid = yystack.l_mark[0].num; }
2162	break;
2163	case 29:
2164	#line 391 "../../ipsec-tools/src/racoon/cfparse.y"
2165	{ lcconf->chroot = yystack.l_mark[0].val->v; }
2166	break;
2167	case 31:
2168	#line 397 "../../ipsec-tools/src/racoon/cfparse.y"
2169	{
2170	if (yystack.l_mark[-1].num >= LC_PATHTYPE_MAX) {
2171	yyerror("invalid path type %d", yystack.l_mark[-1].num);
2172	return -1;
2173	}
2174
2175	/* free old pathinfo */
2176	if (lcconf->pathinfo[yystack.l_mark[-1].num])
2177	racoon_free(lcconf->pathinfo[yystack.l_mark[-1].num]);
2178
2179	/* set new pathinfo */
2180	lcconf->pathinfo[yystack.l_mark[-1].num] = racoon_strdup(yystack.l_mark[0].val->v);
2181	STRDUP_FATAL(lcconf->pathinfo[yystack.l_mark[-1].num]);
2182	vfree(yystack.l_mark[0].val);
2183	}
2184	break;
2185	case 33:
2186	#line 417 "../../ipsec-tools/src/racoon/cfparse.y"
2187	{ lcconf->complex_bundle = yystack.l_mark[0].num; }
2188	break;
2189	case 35:
2190	#line 423 "../../ipsec-tools/src/racoon/cfparse.y"
2191	{
2192	char path[MAXPATHLEN];
2193
2194	getpathname(path, sizeof(path),
2195	LC_PATHTYPE_INCLUDE, yystack.l_mark[-1].val->v);
2196	vfree(yystack.l_mark[-1].val);
2197	if (yycf_switch_buffer(path) != 0)
2198	return -1;
2199	}
2200	break;
2201	case 36:
2202	#line 437 "../../ipsec-tools/src/racoon/cfparse.y"
2203	{
2204	lcconf->pfkey_buffer_size = yystack.l_mark[-1].num;
2205	}
2206	break;
2207	case 37:
2208	#line 444 "../../ipsec-tools/src/racoon/cfparse.y"
2209	{
2210	if (yystack.l_mark[-1].num >= LC_GSSENC_MAX) {
2211	yyerror("invalid GSS ID encoding %d", yystack.l_mark[-1].num);
2212	return -1;
2213	}
2214	lcconf->gss_id_enc = yystack.l_mark[-1].num;
2215	}
2216	break;
2217	case 39:
2218	#line 459 "../../ipsec-tools/src/racoon/cfparse.y"
2219	{
2220	/*
2221	* set the loglevel to the value specified
2222	* in the configuration file plus the number
2223	* of -d options specified on the command line
2224	*/
2225	loglevel += yystack.l_mark[0].num - oldloglevel;
2226	oldloglevel = yystack.l_mark[0].num;
2227	}
2228	break;
2229	case 43:
2230	#line 479 "../../ipsec-tools/src/racoon/cfparse.y"
2231	{ lcconf->pad_random = yystack.l_mark[0].num; }
2232	break;
2233	case 45:
2234	#line 480 "../../ipsec-tools/src/racoon/cfparse.y"
2235	{ lcconf->pad_randomlen = yystack.l_mark[0].num; }
2236	break;
2237	case 47:
2238	#line 481 "../../ipsec-tools/src/racoon/cfparse.y"
2239	{ lcconf->pad_maxsize = yystack.l_mark[0].num; }
2240	break;
2241	case 49:
2242	#line 482 "../../ipsec-tools/src/racoon/cfparse.y"
2243	{ lcconf->pad_strict = yystack.l_mark[0].num; }
2244	break;
2245	case 51:
2246	#line 483 "../../ipsec-tools/src/racoon/cfparse.y"
2247	{ lcconf->pad_excltail = yystack.l_mark[0].num; }
2248	break;
2249	case 56:
2250	#line 496 "../../ipsec-tools/src/racoon/cfparse.y"
2251	{
2252	myaddr_listen(yystack.l_mark[0].saddr, FALSE);
2253	racoon_free(yystack.l_mark[0].saddr);
2254	}
2255	break;
2256	case 58:
2257	#line 502 "../../ipsec-tools/src/racoon/cfparse.y"
2258	{
2259	#ifdef ENABLE_NATT
2260	myaddr_listen(yystack.l_mark[0].saddr, TRUE);
2261	racoon_free(yystack.l_mark[0].saddr);
2262	#else
2263	racoon_free(yystack.l_mark[0].saddr);
2264	yyerror("NAT-T support not compiled in.");
2265	#endif
2266	}
2267	break;
2268	case 60:
2269	#line 513 "../../ipsec-tools/src/racoon/cfparse.y"
2270	{
2271	#ifdef ENABLE_ADMINPORT
2272	adminsock_conf(yystack.l_mark[-3].val, yystack.l_mark[-2].val, yystack.l_mark[-1].val, yystack.l_mark[0].num);
2273	#else
2274	yywarn("admin port support not compiled in");
2275	#endif
2276	}
2277	break;
2278	case 62:
2279	#line 522 "../../ipsec-tools/src/racoon/cfparse.y"
2280	{
2281	#ifdef ENABLE_ADMINPORT
2282	adminsock_conf(yystack.l_mark[0].val, NULL, NULL, -1);
2283	#else
2284	yywarn("admin port support not compiled in");
2285	#endif
2286	}
2287	break;
2288	case 64:
2289	#line 531 "../../ipsec-tools/src/racoon/cfparse.y"
2290	{
2291	#ifdef ENABLE_ADMINPORT
2292	adminsock_path = NULL;
2293	#else
2294	yywarn("admin port support not compiled in");
2295	#endif
2296	}
2297	break;
2298	case 66:
2299	#line 539 "../../ipsec-tools/src/racoon/cfparse.y"
2300	{ lcconf->strict_address = TRUE; }
2301	break;
2302	case 68:
2303	#line 543 "../../ipsec-tools/src/racoon/cfparse.y"
2304	{
2305	char portbuf[10];
2306
2307	snprintf(portbuf, sizeof(portbuf), "%ld", yystack.l_mark[0].num);
2308	yyval.saddr = str2saddr(yystack.l_mark[-1].val->v, portbuf);
2309	vfree(yystack.l_mark[-1].val);
2310	if (!yyval.saddr)
2311	return -1;
2312	}
2313	break;
2314	case 69:
2315	#line 554 "../../ipsec-tools/src/racoon/cfparse.y"
2316	{ yyval.num = PORT_ISAKMP; }
2317	break;
2318	case 70:
2319	#line 555 "../../ipsec-tools/src/racoon/cfparse.y"
2320	{ yyval.num = yystack.l_mark[0].num; }
2321	break;
2322	case 71:
2323	#line 560 "../../ipsec-tools/src/racoon/cfparse.y"
2324	{
2325	#ifndef ENABLE_HYBRID
2326	yyerror("racoon not configured with --enable-hybrid");
2327	return -1;
2328	#endif
2329	#ifndef HAVE_LIBRADIUS
2330	yyerror("racoon not configured with --with-libradius");
2331	return -1;
2332	#endif
2333	#ifdef ENABLE_HYBRID
2334	#ifdef HAVE_LIBRADIUS
2335	xauth_rad_config.timeout = 3;
2336	xauth_rad_config.retries = 3;
2337	#endif
2338	#endif
2339	}
2340	break;
2341	case 75:
2342	#line 583 "../../ipsec-tools/src/racoon/cfparse.y"
2343	{
2344	#ifdef ENABLE_HYBRID
2345	#ifdef HAVE_LIBRADIUS
2346	int i = xauth_rad_config.auth_server_count;
2347	if (i == RADIUS_MAX_SERVERS) {
2348	yyerror("maximum radius auth servers exceeded");
2349	return -1;
2350	}
2351
2352	xauth_rad_config.auth_server_list[i].host = vdup(yystack.l_mark[-1].val);
2353	xauth_rad_config.auth_server_list[i].secret = vdup(yystack.l_mark[0].val);
2354	xauth_rad_config.auth_server_list[i].port = 0; /* default port*/
2355	xauth_rad_config.auth_server_count++;
2356	#endif
2357	#endif
2358	}
2359	break;
2360	case 77:
2361	#line 601 "../../ipsec-tools/src/racoon/cfparse.y"
2362	{
2363	#ifdef ENABLE_HYBRID
2364	#ifdef HAVE_LIBRADIUS
2365	int i = xauth_rad_config.auth_server_count;
2366	if (i == RADIUS_MAX_SERVERS) {
2367	yyerror("maximum radius auth servers exceeded");
2368	return -1;
2369	}
2370
2371	xauth_rad_config.auth_server_list[i].host = vdup(yystack.l_mark[-2].val);
2372	xauth_rad_config.auth_server_list[i].secret = vdup(yystack.l_mark[0].val);
2373	xauth_rad_config.auth_server_list[i].port = yystack.l_mark[-1].num;
2374	xauth_rad_config.auth_server_count++;
2375	#endif
2376	#endif
2377	}
2378	break;
2379	case 79:
2380	#line 619 "../../ipsec-tools/src/racoon/cfparse.y"
2381	{
2382	#ifdef ENABLE_HYBRID
2383	#ifdef HAVE_LIBRADIUS
2384	int i = xauth_rad_config.acct_server_count;
2385	if (i == RADIUS_MAX_SERVERS) {
2386	yyerror("maximum radius account servers exceeded");
2387	return -1;
2388	}
2389
2390	xauth_rad_config.acct_server_list[i].host = vdup(yystack.l_mark[-1].val);
2391	xauth_rad_config.acct_server_list[i].secret = vdup(yystack.l_mark[0].val);
2392	xauth_rad_config.acct_server_list[i].port = 0; /* default port*/
2393	xauth_rad_config.acct_server_count++;
2394	#endif
2395	#endif
2396	}
2397	break;
2398	case 81:
2399	#line 637 "../../ipsec-tools/src/racoon/cfparse.y"
2400	{
2401	#ifdef ENABLE_HYBRID
2402	#ifdef HAVE_LIBRADIUS
2403	int i = xauth_rad_config.acct_server_count;
2404	if (i == RADIUS_MAX_SERVERS) {
2405	yyerror("maximum radius account servers exceeded");
2406	return -1;
2407	}
2408
2409	xauth_rad_config.acct_server_list[i].host = vdup(yystack.l_mark[-2].val);
2410	xauth_rad_config.acct_server_list[i].secret = vdup(yystack.l_mark[0].val);
2411	xauth_rad_config.acct_server_list[i].port = yystack.l_mark[-1].num;
2412	xauth_rad_config.acct_server_count++;
2413	#endif
2414	#endif
2415	}
2416	break;
2417	case 83:
2418	#line 655 "../../ipsec-tools/src/racoon/cfparse.y"
2419	{
2420	#ifdef ENABLE_HYBRID
2421	#ifdef HAVE_LIBRADIUS
2422	xauth_rad_config.timeout = yystack.l_mark[0].num;
2423	#endif
2424	#endif
2425	}
2426	break;
2427	case 85:
2428	#line 664 "../../ipsec-tools/src/racoon/cfparse.y"
2429	{
2430	#ifdef ENABLE_HYBRID
2431	#ifdef HAVE_LIBRADIUS
2432	xauth_rad_config.retries = yystack.l_mark[0].num;
2433	#endif
2434	#endif
2435	}
2436	break;
2437	case 87:
2438	#line 676 "../../ipsec-tools/src/racoon/cfparse.y"
2439	{
2440	#ifndef ENABLE_HYBRID
2441	yyerror("racoon not configured with --enable-hybrid");
2442	return -1;
2443	#endif
2444	#ifndef HAVE_LIBLDAP
2445	yyerror("racoon not configured with --with-libldap");
2446	return -1;
2447	#endif
2448	}
2449	break;
2450	case 91:
2451	#line 693 "../../ipsec-tools/src/racoon/cfparse.y"
2452	{
2453	#ifdef ENABLE_HYBRID
2454	#ifdef HAVE_LIBLDAP
2455	if ((yystack.l_mark[0].num<2)\|\|(yystack.l_mark[0].num>3))
2456	yyerror("invalid ldap protocol version (2\|3)");
2457	xauth_ldap_config.pver = yystack.l_mark[0].num;
2458	#endif
2459	#endif
2460	}
2461	break;
2462	case 93:
2463	#line 704 "../../ipsec-tools/src/racoon/cfparse.y"
2464	{
2465	#ifdef ENABLE_HYBRID
2466	#ifdef HAVE_LIBLDAP
2467	if (xauth_ldap_config.host != NULL)
2468	vfree(xauth_ldap_config.host);
2469	xauth_ldap_config.host = vdup(yystack.l_mark[0].val);
2470	#endif
2471	#endif
2472	}
2473	break;
2474	case 95:
2475	#line 715 "../../ipsec-tools/src/racoon/cfparse.y"
2476	{
2477	#ifdef ENABLE_HYBRID
2478	#ifdef HAVE_LIBLDAP
2479	xauth_ldap_config.port = yystack.l_mark[0].num;
2480	#endif
2481	#endif
2482	}
2483	break;
2484	case 97:
2485	#line 724 "../../ipsec-tools/src/racoon/cfparse.y"
2486	{
2487	#ifdef ENABLE_HYBRID
2488	#ifdef HAVE_LIBLDAP
2489	if (xauth_ldap_config.base != NULL)
2490	vfree(xauth_ldap_config.base);
2491	xauth_ldap_config.base = vdup(yystack.l_mark[0].val);
2492	#endif
2493	#endif
2494	}
2495	break;
2496	case 99:
2497	#line 735 "../../ipsec-tools/src/racoon/cfparse.y"
2498	{
2499	#ifdef ENABLE_HYBRID
2500	#ifdef HAVE_LIBLDAP
2501	xauth_ldap_config.subtree = yystack.l_mark[0].num;
2502	#endif
2503	#endif
2504	}
2505	break;
2506	case 101:
2507	#line 744 "../../ipsec-tools/src/racoon/cfparse.y"
2508	{
2509	#ifdef ENABLE_HYBRID
2510	#ifdef HAVE_LIBLDAP
2511	if (xauth_ldap_config.bind_dn != NULL)
2512	vfree(xauth_ldap_config.bind_dn);
2513	xauth_ldap_config.bind_dn = vdup(yystack.l_mark[0].val);
2514	#endif
2515	#endif
2516	}
2517	break;
2518	case 103:
2519	#line 755 "../../ipsec-tools/src/racoon/cfparse.y"
2520	{
2521	#ifdef ENABLE_HYBRID
2522	#ifdef HAVE_LIBLDAP
2523	if (xauth_ldap_config.bind_pw != NULL)
2524	vfree(xauth_ldap_config.bind_pw);
2525	xauth_ldap_config.bind_pw = vdup(yystack.l_mark[0].val);
2526	#endif
2527	#endif
2528	}
2529	break;
2530	case 105:
2531	#line 766 "../../ipsec-tools/src/racoon/cfparse.y"
2532	{
2533	#ifdef ENABLE_HYBRID
2534	#ifdef HAVE_LIBLDAP
2535	if (xauth_ldap_config.attr_user != NULL)
2536	vfree(xauth_ldap_config.attr_user);
2537	xauth_ldap_config.attr_user = vdup(yystack.l_mark[0].val);
2538	#endif
2539	#endif
2540	}
2541	break;
2542	case 107:
2543	#line 777 "../../ipsec-tools/src/racoon/cfparse.y"
2544	{
2545	#ifdef ENABLE_HYBRID
2546	#ifdef HAVE_LIBLDAP
2547	if (xauth_ldap_config.attr_addr != NULL)
2548	vfree(xauth_ldap_config.attr_addr);
2549	xauth_ldap_config.attr_addr = vdup(yystack.l_mark[0].val);
2550	#endif
2551	#endif
2552	}
2553	break;
2554	case 109:
2555	#line 788 "../../ipsec-tools/src/racoon/cfparse.y"
2556	{
2557	#ifdef ENABLE_HYBRID
2558	#ifdef HAVE_LIBLDAP
2559	if (xauth_ldap_config.attr_mask != NULL)
2560	vfree(xauth_ldap_config.attr_mask);
2561	xauth_ldap_config.attr_mask = vdup(yystack.l_mark[0].val);
2562	#endif
2563	#endif
2564	}
2565	break;
2566	case 111:
2567	#line 799 "../../ipsec-tools/src/racoon/cfparse.y"
2568	{
2569	#ifdef ENABLE_HYBRID
2570	#ifdef HAVE_LIBLDAP
2571	if (xauth_ldap_config.attr_group != NULL)
2572	vfree(xauth_ldap_config.attr_group);
2573	xauth_ldap_config.attr_group = vdup(yystack.l_mark[0].val);
2574	#endif
2575	#endif
2576	}
2577	break;
2578	case 113:
2579	#line 810 "../../ipsec-tools/src/racoon/cfparse.y"
2580	{
2581	#ifdef ENABLE_HYBRID
2582	#ifdef HAVE_LIBLDAP
2583	if (xauth_ldap_config.attr_member != NULL)
2584	vfree(xauth_ldap_config.attr_member);
2585	xauth_ldap_config.attr_member = vdup(yystack.l_mark[0].val);
2586	#endif
2587	#endif
2588	}
2589	break;
2590	case 118:
2591	#line 832 "../../ipsec-tools/src/racoon/cfparse.y"
2592	{
2593	#ifdef ENABLE_HYBRID
2594	if (inet_pton(AF_INET, yystack.l_mark[0].val->v,
2595	&isakmp_cfg_config.network4) != 1)
2596	yyerror("bad IPv4 network address.");
2597	#else
2598	yyerror("racoon not configured with --enable-hybrid");
2599	#endif
2600	}
2601	break;
2602	case 120:
2603	#line 843 "../../ipsec-tools/src/racoon/cfparse.y"
2604	{
2605	#ifdef ENABLE_HYBRID
2606	if (inet_pton(AF_INET, yystack.l_mark[0].val->v,
2607	&isakmp_cfg_config.netmask4) != 1)
2608	yyerror("bad IPv4 netmask address.");
2609	#else
2610	yyerror("racoon not configured with --enable-hybrid");
2611	#endif
2612	}
2613	break;
2614	case 124:
2615	#line 858 "../../ipsec-tools/src/racoon/cfparse.y"
2616	{
2617	#ifdef ENABLE_HYBRID
2618	isakmp_cfg_config.splitnet_type = UNITY_LOCAL_LAN;
2619	#else
2620	yyerror("racoon not configured with --enable-hybrid");
2621	#endif
2622	}
2623	break;
2624	case 126:
2625	#line 867 "../../ipsec-tools/src/racoon/cfparse.y"
2626	{
2627	#ifdef ENABLE_HYBRID
2628	isakmp_cfg_config.splitnet_type = UNITY_SPLIT_INCLUDE;
2629	#else
2630	yyerror("racoon not configured with --enable-hybrid");
2631	#endif
2632	}
2633	break;
2634	case 128:
2635	#line 876 "../../ipsec-tools/src/racoon/cfparse.y"
2636	{
2637	#ifndef ENABLE_HYBRID
2638	yyerror("racoon not configured with --enable-hybrid");
2639	#endif
2640	}
2641	break;
2642	case 130:
2643	#line 883 "../../ipsec-tools/src/racoon/cfparse.y"
2644	{
2645	#ifdef ENABLE_HYBRID
2646	strncpy(&isakmp_cfg_config.default_domain[0],
2647	yystack.l_mark[0].val->v, MAXPATHLEN);
2648	isakmp_cfg_config.default_domain[MAXPATHLEN] = '\0';
2649	vfree(yystack.l_mark[0].val);
2650	#else
2651	yyerror("racoon not configured with --enable-hybrid");
2652	#endif
2653	}
2654	break;
2655	case 132:
2656	#line 895 "../../ipsec-tools/src/racoon/cfparse.y"
2657	{
2658	#ifdef ENABLE_HYBRID
2659	isakmp_cfg_config.authsource = ISAKMP_CFG_AUTH_SYSTEM;
2660	#else
2661	yyerror("racoon not configured with --enable-hybrid");
2662	#endif
2663	}
2664	break;
2665	case 134:
2666	#line 904 "../../ipsec-tools/src/racoon/cfparse.y"
2667	{
2668	#ifdef ENABLE_HYBRID
2669	#ifdef HAVE_LIBRADIUS
2670	isakmp_cfg_config.authsource = ISAKMP_CFG_AUTH_RADIUS;
2671	#else /* HAVE_LIBRADIUS */
2672	yyerror("racoon not configured with --with-libradius");
2673	#endif /* HAVE_LIBRADIUS */
2674	#else /* ENABLE_HYBRID */
2675	yyerror("racoon not configured with --enable-hybrid");
2676	#endif /* ENABLE_HYBRID */
2677	}
2678	break;
2679	case 136:
2680	#line 917 "../../ipsec-tools/src/racoon/cfparse.y"
2681	{
2682	#ifdef ENABLE_HYBRID
2683	#ifdef HAVE_LIBPAM
2684	isakmp_cfg_config.authsource = ISAKMP_CFG_AUTH_PAM;
2685	#else /* HAVE_LIBPAM */
2686	yyerror("racoon not configured with --with-libpam");
2687	#endif /* HAVE_LIBPAM */
2688	#else /* ENABLE_HYBRID */
2689	yyerror("racoon not configured with --enable-hybrid");
2690	#endif /* ENABLE_HYBRID */
2691	}
2692	break;
2693	case 138:
2694	#line 930 "../../ipsec-tools/src/racoon/cfparse.y"
2695	{
2696	#ifdef ENABLE_HYBRID
2697	#ifdef HAVE_LIBLDAP
2698	isakmp_cfg_config.authsource = ISAKMP_CFG_AUTH_LDAP;
2699	#else /* HAVE_LIBLDAP */
2700	yyerror("racoon not configured with --with-libldap");
2701	#endif /* HAVE_LIBLDAP */
2702	#else /* ENABLE_HYBRID */
2703	yyerror("racoon not configured with --enable-hybrid");
2704	#endif /* ENABLE_HYBRID */
2705	}
2706	break;
2707	case 140:
2708	#line 943 "../../ipsec-tools/src/racoon/cfparse.y"
2709	{
2710	#ifndef ENABLE_HYBRID
2711	yyerror("racoon not configured with --enable-hybrid");
2712	#endif
2713	}
2714	break;
2715	case 142:
2716	#line 950 "../../ipsec-tools/src/racoon/cfparse.y"
2717	{
2718	#ifdef ENABLE_HYBRID
2719	isakmp_cfg_config.groupsource = ISAKMP_CFG_GROUP_SYSTEM;
2720	#else
2721	yyerror("racoon not configured with --enable-hybrid");
2722	#endif
2723	}
2724	break;
2725	case 144:
2726	#line 959 "../../ipsec-tools/src/racoon/cfparse.y"
2727	{
2728	#ifdef ENABLE_HYBRID
2729	#ifdef HAVE_LIBLDAP
2730	isakmp_cfg_config.groupsource = ISAKMP_CFG_GROUP_LDAP;
2731	#else /* HAVE_LIBLDAP */
2732	yyerror("racoon not configured with --with-libldap");
2733	#endif /* HAVE_LIBLDAP */
2734	#else /* ENABLE_HYBRID */
2735	yyerror("racoon not configured with --enable-hybrid");
2736	#endif /* ENABLE_HYBRID */
2737	}
2738	break;
2739	case 146:
2740	#line 972 "../../ipsec-tools/src/racoon/cfparse.y"
2741	{
2742	#ifdef ENABLE_HYBRID
2743	isakmp_cfg_config.accounting = ISAKMP_CFG_ACCT_NONE;
2744	#else
2745	yyerror("racoon not configured with --enable-hybrid");
2746	#endif
2747	}
2748	break;
2749	case 148:
2750	#line 981 "../../ipsec-tools/src/racoon/cfparse.y"
2751	{
2752	#ifdef ENABLE_HYBRID
2753	isakmp_cfg_config.accounting = ISAKMP_CFG_ACCT_SYSTEM;
2754	#else
2755	yyerror("racoon not configured with --enable-hybrid");
2756	#endif
2757	}
2758	break;
2759	case 150:
2760	#line 990 "../../ipsec-tools/src/racoon/cfparse.y"
2761	{
2762	#ifdef ENABLE_HYBRID
2763	#ifdef HAVE_LIBRADIUS
2764	isakmp_cfg_config.accounting = ISAKMP_CFG_ACCT_RADIUS;
2765	#else /* HAVE_LIBRADIUS */
2766	yyerror("racoon not configured with --with-libradius");
2767	#endif /* HAVE_LIBRADIUS */
2768	#else /* ENABLE_HYBRID */
2769	yyerror("racoon not configured with --enable-hybrid");
2770	#endif /* ENABLE_HYBRID */
2771	}
2772	break;
2773	case 152:
2774	#line 1003 "../../ipsec-tools/src/racoon/cfparse.y"
2775	{
2776	#ifdef ENABLE_HYBRID
2777	#ifdef HAVE_LIBPAM
2778	isakmp_cfg_config.accounting = ISAKMP_CFG_ACCT_PAM;
2779	#else /* HAVE_LIBPAM */
2780	yyerror("racoon not configured with --with-libpam");
2781	#endif /* HAVE_LIBPAM */
2782	#else /* ENABLE_HYBRID */
2783	yyerror("racoon not configured with --enable-hybrid");
2784	#endif /* ENABLE_HYBRID */
2785	}
2786	break;
2787	case 154:
2788	#line 1016 "../../ipsec-tools/src/racoon/cfparse.y"
2789	{
2790	#ifdef ENABLE_HYBRID
2791	if (isakmp_cfg_resize_pool(yystack.l_mark[0].num) != 0)
2792	yyerror("cannot allocate memory for pool");
2793	#else /* ENABLE_HYBRID */
2794	yyerror("racoon not configured with --enable-hybrid");
2795	#endif /* ENABLE_HYBRID */
2796	}
2797	break;
2798	case 156:
2799	#line 1026 "../../ipsec-tools/src/racoon/cfparse.y"
2800	{
2801	#ifdef ENABLE_HYBRID
2802	isakmp_cfg_config.pfs_group = yystack.l_mark[0].num;
2803	#else /* ENABLE_HYBRID */
2804	yyerror("racoon not configured with --enable-hybrid");
2805	#endif /* ENABLE_HYBRID */
2806	}
2807	break;
2808	case 158:
2809	#line 1035 "../../ipsec-tools/src/racoon/cfparse.y"
2810	{
2811	#ifdef ENABLE_HYBRID
2812	isakmp_cfg_config.save_passwd = yystack.l_mark[0].num;
2813	#else /* ENABLE_HYBRID */
2814	yyerror("racoon not configured with --enable-hybrid");
2815	#endif /* ENABLE_HYBRID */
2816	}
2817	break;
2818	case 160:
2819	#line 1044 "../../ipsec-tools/src/racoon/cfparse.y"
2820	{
2821	#ifdef ENABLE_HYBRID
2822	isakmp_cfg_config.auth_throttle = yystack.l_mark[0].num;
2823	#else /* ENABLE_HYBRID */
2824	yyerror("racoon not configured with --enable-hybrid");
2825	#endif /* ENABLE_HYBRID */
2826	}
2827	break;
2828	case 162:
2829	#line 1053 "../../ipsec-tools/src/racoon/cfparse.y"
2830	{
2831	#ifdef ENABLE_HYBRID
2832	isakmp_cfg_config.confsource = ISAKMP_CFG_CONF_LOCAL;
2833	#else /* ENABLE_HYBRID */
2834	yyerror("racoon not configured with --enable-hybrid");
2835	#endif /* ENABLE_HYBRID */
2836	}
2837	break;
2838	case 164:
2839	#line 1062 "../../ipsec-tools/src/racoon/cfparse.y"
2840	{
2841	#ifdef ENABLE_HYBRID
2842	#ifdef HAVE_LIBRADIUS
2843	isakmp_cfg_config.confsource = ISAKMP_CFG_CONF_RADIUS;
2844	#else /* HAVE_LIBRADIUS */
2845	yyerror("racoon not configured with --with-libradius");
2846	#endif /* HAVE_LIBRADIUS */
2847	#else /* ENABLE_HYBRID */
2848	yyerror("racoon not configured with --enable-hybrid");
2849	#endif /* ENABLE_HYBRID */
2850	}
2851	break;
2852	case 166:
2853	#line 1075 "../../ipsec-tools/src/racoon/cfparse.y"
2854	{
2855	#ifdef ENABLE_HYBRID
2856	#ifdef HAVE_LIBLDAP
2857	isakmp_cfg_config.confsource = ISAKMP_CFG_CONF_LDAP;
2858	#else /* HAVE_LIBLDAP */
2859	yyerror("racoon not configured with --with-libldap");
2860	#endif /* HAVE_LIBLDAP */
2861	#else /* ENABLE_HYBRID */
2862	yyerror("racoon not configured with --enable-hybrid");
2863	#endif /* ENABLE_HYBRID */
2864	}
2865	break;
2866	case 168:
2867	#line 1088 "../../ipsec-tools/src/racoon/cfparse.y"
2868	{
2869	#ifdef ENABLE_HYBRID
2870	strncpy(&isakmp_cfg_config.motd[0], yystack.l_mark[0].val->v, MAXPATHLEN);
2871	isakmp_cfg_config.motd[MAXPATHLEN] = '\0';
2872	vfree(yystack.l_mark[0].val);
2873	#else
2874	yyerror("racoon not configured with --enable-hybrid");
2875	#endif
2876	}
2877	break;
2878	case 172:
2879	#line 1106 "../../ipsec-tools/src/racoon/cfparse.y"
2880	{
2881	#ifdef ENABLE_HYBRID
2882	struct isakmp_cfg_config *icc = &isakmp_cfg_config;
2883
2884	if (icc->dns4_index > MAXNS)
2885	yyerror("No more than %d DNS", MAXNS);
2886	if (inet_pton(AF_INET, yystack.l_mark[0].val->v,
2887	&icc->dns4[icc->dns4_index++]) != 1)
2888	yyerror("bad IPv4 DNS address.");
2889	#else
2890	yyerror("racoon not configured with --enable-hybrid");
2891	#endif
2892	}
2893	break;
2894	case 175:
2895	#line 1127 "../../ipsec-tools/src/racoon/cfparse.y"
2896	{
2897	#ifdef ENABLE_HYBRID
2898	struct isakmp_cfg_config *icc = &isakmp_cfg_config;
2899
2900	if (icc->nbns4_index > MAXWINS)
2901	yyerror("No more than %d WINS", MAXWINS);
2902	if (inet_pton(AF_INET, yystack.l_mark[0].val->v,
2903	&icc->nbns4[icc->nbns4_index++]) != 1)
2904	yyerror("bad IPv4 WINS address.");
2905	#else
2906	yyerror("racoon not configured with --enable-hybrid");
2907	#endif
2908	}
2909	break;
2910	case 178:
2911	#line 1148 "../../ipsec-tools/src/racoon/cfparse.y"
2912	{
2913	#ifdef ENABLE_HYBRID
2914	struct isakmp_cfg_config *icc = &isakmp_cfg_config;
2915	struct unity_network network;
2916	memset(&network,0,sizeof(network));
2917
2918	if (inet_pton(AF_INET, yystack.l_mark[-1].val->v, &network.addr4) != 1)
2919	yyerror("bad IPv4 SPLIT address.");
2920
2921	/* Turn $2 (the prefix) into a subnet mask */
2922	network.mask4.s_addr = (yystack.l_mark[0].num) ? htonl(~((1 << (32 - yystack.l_mark[0].num)) - 1)) : 0;
2923
2924	/* add the network to our list */
2925	if (splitnet_list_add(&icc->splitnet_list, &network,&icc->splitnet_count))
2926	yyerror("Unable to allocate split network");
2927	#else
2928	yyerror("racoon not configured with --enable-hybrid");
2929	#endif
2930	}
2931	break;
2932	case 181:
2933	#line 1175 "../../ipsec-tools/src/racoon/cfparse.y"
2934	{
2935	#ifdef ENABLE_HYBRID
2936	char * groupname = NULL;
2937	char ** grouplist = NULL;
2938	struct isakmp_cfg_config *icc = &isakmp_cfg_config;
2939
2940	grouplist = racoon_realloc(icc->grouplist,
2941	sizeof(char*)(icc->groupcount+1));
2942	if (grouplist == NULL) {
2943	yyerror("unable to allocate auth group list");
2944	return -1;
2945	}
2946
2947	groupname = racoon_malloc(yystack.l_mark[0].val->l+1);
2948	if (groupname == NULL) {
2949	yyerror("unable to allocate auth group name");
2950	return -1;
2951	}
2952
2953	memcpy(groupname,yystack.l_mark[0].val->v,yystack.l_mark[0].val->l);
2954	groupname[yystack.l_mark[0].val->l]=0;
2955	grouplist[icc->groupcount]=groupname;
2956	icc->grouplist = grouplist;
2957	icc->groupcount++;
2958
2959	vfree(yystack.l_mark[0].val);
2960	#else
2961	yyerror("racoon not configured with --enable-hybrid");
2962	#endif
2963	}
2964	break;
2965	case 184:
2966	#line 1213 "../../ipsec-tools/src/racoon/cfparse.y"
2967	{
2968	#ifdef ENABLE_HYBRID
2969	struct isakmp_cfg_config *icc = &isakmp_cfg_config;
2970
2971	if (!icc->splitdns_len)
2972	{
2973	icc->splitdns_list = racoon_malloc(yystack.l_mark[0].val->l);
2974	if(icc->splitdns_list == NULL) {
2975	yyerror("error allocating splitdns list buffer");
2976	return -1;
2977	}
2978	memcpy(icc->splitdns_list,yystack.l_mark[0].val->v,yystack.l_mark[0].val->l);
2979	icc->splitdns_len = yystack.l_mark[0].val->l;
2980	}
2981	else
2982	{
2983	int len = icc->splitdns_len + yystack.l_mark[0].val->l + 1;
2984	icc->splitdns_list = racoon_realloc(icc->splitdns_list,len);
2985	if(icc->splitdns_list == NULL) {
2986	yyerror("error allocating splitdns list buffer");
2987	return -1;
2988	}
2989	icc->splitdns_list[icc->splitdns_len] = ',';
2990	memcpy(icc->splitdns_list + icc->splitdns_len + 1, yystack.l_mark[0].val->v, yystack.l_mark[0].val->l);
2991	icc->splitdns_len = len;
2992	}
2993	vfree(yystack.l_mark[0].val);
2994	#else
2995	yyerror("racoon not configured with --enable-hybrid");
2996	#endif
2997	}
2998	break;
2999	case 188:
3000	#line 1257 "../../ipsec-tools/src/racoon/cfparse.y"
3001	{
3002	lcconf->retry_counter = yystack.l_mark[0].num;
3003	}
3004	break;
3005	case 190:
3006	#line 1262 "../../ipsec-tools/src/racoon/cfparse.y"
3007	{
3008	lcconf->retry_interval = yystack.l_mark[-1].num * yystack.l_mark[0].num;
3009	}
3010	break;
3011	case 192:
3012	#line 1267 "../../ipsec-tools/src/racoon/cfparse.y"
3013	{
3014	lcconf->count_persend = yystack.l_mark[0].num;
3015	}
3016	break;
3017	case 194:
3018	#line 1272 "../../ipsec-tools/src/racoon/cfparse.y"
3019	{
3020	lcconf->retry_checkph1 = yystack.l_mark[-1].num * yystack.l_mark[0].num;
3021	}
3022	break;
3023	case 196:
3024	#line 1277 "../../ipsec-tools/src/racoon/cfparse.y"
3025	{
3026	lcconf->wait_ph2complete = yystack.l_mark[-1].num * yystack.l_mark[0].num;
3027	}
3028	break;
3029	case 198:
3030	#line 1282 "../../ipsec-tools/src/racoon/cfparse.y"
3031	{
3032	#ifdef ENABLE_NATT
3033	if (libipsec_opt & LIBIPSEC_OPT_NATT)
3034	lcconf->natt_ka_interval = yystack.l_mark[-1].num * yystack.l_mark[0].num;
3035	else
3036	yyerror("libipsec lacks NAT-T support");
3037	#else
3038	yyerror("NAT-T support not compiled in.");
3039	#endif
3040	}
3041	break;
3042	case 200:
3043	#line 1298 "../../ipsec-tools/src/racoon/cfparse.y"
3044	{
3045	cur_sainfo = newsainfo();
3046	if (cur_sainfo == NULL) {
3047	yyerror("failed to allocate sainfo");
3048	return -1;
3049	}
3050	}
3051	break;
3052	case 201:
3053	#line 1306 "../../ipsec-tools/src/racoon/cfparse.y"
3054	{
3055	struct sainfo *check;
3056
3057	/* default */
3058	if (cur_sainfo->algs[algclass_ipsec_enc] == 0) {
3059	yyerror("no encryption algorithm at %s",
3060	sainfo2str(cur_sainfo));
3061	return -1;
3062	}
3063	if (cur_sainfo->algs[algclass_ipsec_auth] == 0) {
3064	yyerror("no authentication algorithm at %s",
3065	sainfo2str(cur_sainfo));
3066	return -1;
3067	}
3068	if (cur_sainfo->algs[algclass_ipsec_comp] == 0) {
3069	yyerror("no compression algorithm at %s",
3070	sainfo2str(cur_sainfo));
3071	return -1;
3072	}
3073
3074	/* duplicate check */
3075	check = getsainfo(cur_sainfo->idsrc,
3076	cur_sainfo->iddst,
3077	cur_sainfo->id_i,
3078	NULL,
3079	cur_sainfo->remoteid);
3080
3081	if (check && ((check->idsrc != SAINFO_ANONYMOUS) &&
3082	(cur_sainfo->idsrc != SAINFO_ANONYMOUS))) {
3083	yyerror("duplicated sainfo: %s",
3084	sainfo2str(cur_sainfo));
3085	return -1;
3086	}
3087
3088	inssainfo(cur_sainfo);
3089	}
3090	break;
3091	case 203:
3092	#line 1346 "../../ipsec-tools/src/racoon/cfparse.y"
3093	{
3094	cur_sainfo->idsrc = SAINFO_ANONYMOUS;
3095	cur_sainfo->iddst = SAINFO_ANONYMOUS;
3096	}
3097	break;
3098	case 204:
3099	#line 1351 "../../ipsec-tools/src/racoon/cfparse.y"
3100	{
3101	cur_sainfo->idsrc = SAINFO_ANONYMOUS;
3102	cur_sainfo->iddst = SAINFO_CLIENTADDR;
3103	}
3104	break;
3105	case 205:
3106	#line 1356 "../../ipsec-tools/src/racoon/cfparse.y"
3107	{
3108	cur_sainfo->idsrc = SAINFO_ANONYMOUS;
3109	cur_sainfo->iddst = yystack.l_mark[0].val;
3110	}
3111	break;
3112	case 206:
3113	#line 1361 "../../ipsec-tools/src/racoon/cfparse.y"
3114	{
3115	cur_sainfo->idsrc = yystack.l_mark[-1].val;
3116	cur_sainfo->iddst = SAINFO_ANONYMOUS;
3117	}
3118	break;
3119	case 207:
3120	#line 1366 "../../ipsec-tools/src/racoon/cfparse.y"
3121	{
3122	cur_sainfo->idsrc = yystack.l_mark[-1].val;
3123	cur_sainfo->iddst = SAINFO_CLIENTADDR;
3124	}
3125	break;
3126	case 208:
3127	#line 1371 "../../ipsec-tools/src/racoon/cfparse.y"
3128	{
3129	cur_sainfo->idsrc = yystack.l_mark[-1].val;
3130	cur_sainfo->iddst = yystack.l_mark[0].val;
3131	}
3132	break;
3133	case 209:
3134	#line 1378 "../../ipsec-tools/src/racoon/cfparse.y"
3135	{
3136	char portbuf[10];
3137	struct sockaddr *saddr;
3138
3139	if ((yystack.l_mark[0].num == IPPROTO_ICMP \|\| yystack.l_mark[0].num == IPPROTO_ICMPV6)
3140	&& (yystack.l_mark[-1].num != IPSEC_PORT_ANY \|\| yystack.l_mark[-1].num != IPSEC_PORT_ANY)) {
3141	yyerror("port number must be \"any\".");
3142	return -1;
3143	}
3144
3145	snprintf(portbuf, sizeof(portbuf), "%lu", yystack.l_mark[-1].num);
3146	saddr = str2saddr(yystack.l_mark[-3].val->v, portbuf);
3147	vfree(yystack.l_mark[-3].val);
3148	if (saddr == NULL)
3149	return -1;
3150
3151	switch (saddr->sa_family) {
3152	case AF_INET:
3153	if (yystack.l_mark[0].num == IPPROTO_ICMPV6) {
3154	yyerror("upper layer protocol mismatched.\n");
3155	racoon_free(saddr);
3156	return -1;
3157	}
3158	yyval.val = ipsecdoi_sockaddr2id(saddr,
3159	yystack.l_mark[-2].num == ~0 ? (sizeof(struct in_addr) << 3): yystack.l_mark[-2].num,
3160	yystack.l_mark[0].num);
3161	break;
3162	#ifdef INET6
3163	case AF_INET6:
3164	if (yystack.l_mark[0].num == IPPROTO_ICMP) {
3165	yyerror("upper layer protocol mismatched.\n");
3166	racoon_free(saddr);
3167	return -1;
3168	}
3169	yyval.val = ipsecdoi_sockaddr2id(saddr,
3170	yystack.l_mark[-2].num == ~0 ? (sizeof(struct in6_addr) << 3): yystack.l_mark[-2].num,
3171	yystack.l_mark[0].num);
3172	break;
3173	#endif
3174	default:
3175	yyerror("invalid family: %d", saddr->sa_family);
3176	yyval.val = NULL;
3177	break;
3178	}
3179	racoon_free(saddr);
3180	if (yyval.val == NULL)
3181	return -1;
3182	}
3183	break;
3184	case 210:
3185	#line 1427 "../../ipsec-tools/src/racoon/cfparse.y"
3186	{
3187	char portbuf[10];
3188	struct sockaddr laddr = NULL, haddr = NULL;
3189	char *cur = NULL;
3190
3191	if ((yystack.l_mark[0].num == IPPROTO_ICMP \|\| yystack.l_mark[0].num == IPPROTO_ICMPV6)
3192	&& (yystack.l_mark[-1].num != IPSEC_PORT_ANY \|\| yystack.l_mark[-1].num != IPSEC_PORT_ANY)) {
3193	yyerror("port number must be \"any\".");
3194	return -1;
3195	}
3196
3197	snprintf(portbuf, sizeof(portbuf), "%lu", yystack.l_mark[-1].num);
3198
3199	laddr = str2saddr(yystack.l_mark[-4].val->v, portbuf);
3200	if (laddr == NULL) {
3201	return -1;
3202	}
3203	vfree(yystack.l_mark[-4].val);
3204	haddr = str2saddr(yystack.l_mark[-3].val->v, portbuf);
3205	if (haddr == NULL) {
3206	racoon_free(laddr);
3207	return -1;
3208	}
3209	vfree(yystack.l_mark[-3].val);
3210
3211	switch (laddr->sa_family) {
3212	case AF_INET:
3213	if (yystack.l_mark[0].num == IPPROTO_ICMPV6) {
3214	yyerror("upper layer protocol mismatched.\n");
3215	if (laddr)
3216	racoon_free(laddr);
3217	if (haddr)
3218	racoon_free(haddr);
3219	return -1;
3220	}
3221	yyval.val = ipsecdoi_sockrange2id(laddr, haddr,
3222	yystack.l_mark[0].num);
3223	break;
3224	#ifdef INET6
3225	case AF_INET6:
3226	if (yystack.l_mark[0].num == IPPROTO_ICMP) {
3227	yyerror("upper layer protocol mismatched.\n");
3228	if (laddr)
3229	racoon_free(laddr);
3230	if (haddr)
3231	racoon_free(haddr);
3232	return -1;
3233	}
3234	yyval.val = ipsecdoi_sockrange2id(laddr, haddr,
3235	yystack.l_mark[0].num);
3236	break;
3237	#endif
3238	default:
3239	yyerror("invalid family: %d", laddr->sa_family);
3240	yyval.val = NULL;
3241	break;
3242	}
3243	if (laddr)
3244	racoon_free(laddr);
3245	if (haddr)
3246	racoon_free(haddr);
3247	if (yyval.val == NULL)
3248	return -1;
3249	}
3250	break;
3251	case 211:
3252	#line 1492 "../../ipsec-tools/src/racoon/cfparse.y"
3253	{
3254	struct ipsecdoi_id_b *id_b;
3255
3256	if (yystack.l_mark[-1].num == IDTYPE_ASN1DN) {
3257	yyerror("id type forbidden: %d", yystack.l_mark[-1].num);
3258	yyval.val = NULL;
3259	return -1;
3260	}
3261
3262	yystack.l_mark[0].val->l--;
3263
3264	yyval.val = vmalloc(sizeof(*id_b) + yystack.l_mark[0].val->l);
3265	if (yyval.val == NULL) {
3266	yyerror("failed to allocate identifier");
3267	return -1;
3268	}
3269
3270	id_b = (struct ipsecdoi_id_b *)yyval.val->v;
3271	id_b->type = idtype2doi(yystack.l_mark[-1].num);
3272
3273	id_b->proto_id = 0;
3274	id_b->port = 0;
3275
3276	memcpy(yyval.val->v + sizeof(*id_b), yystack.l_mark[0].val->v, yystack.l_mark[0].val->l);
3277	}
3278	break;
3279	case 212:
3280	#line 1520 "../../ipsec-tools/src/racoon/cfparse.y"
3281	{
3282	cur_sainfo->id_i = NULL;
3283	}
3284	break;
3285	case 213:
3286	#line 1524 "../../ipsec-tools/src/racoon/cfparse.y"
3287	{
3288	struct ipsecdoi_id_b *id_b;
3289	vchar_t *idv;
3290
3291	if (set_identifier(&idv, yystack.l_mark[-1].num, yystack.l_mark[0].val) != 0) {
3292	yyerror("failed to set identifer.\n");
3293	return -1;
3294	}
3295	cur_sainfo->id_i = vmalloc(sizeof(*id_b) + idv->l);
3296	if (cur_sainfo->id_i == NULL) {
3297	yyerror("failed to allocate identifier");
3298	return -1;
3299	}
3300
3301	id_b = (struct ipsecdoi_id_b *)cur_sainfo->id_i->v;
3302	id_b->type = idtype2doi(yystack.l_mark[-1].num);
3303
3304	id_b->proto_id = 0;
3305	id_b->port = 0;
3306
3307	memcpy(cur_sainfo->id_i->v + sizeof(*id_b),
3308	idv->v, idv->l);
3309	vfree(idv);
3310	}
3311	break;
3312	case 214:
3313	#line 1549 "../../ipsec-tools/src/racoon/cfparse.y"
3314	{
3315	#ifdef ENABLE_HYBRID
3316	if ((cur_sainfo->group = vdup(yystack.l_mark[0].val)) == NULL) {
3317	yyerror("failed to set sainfo xauth group.\n");
3318	return -1;
3319	}
3320	#else
3321	yyerror("racoon not configured with --enable-hybrid");
3322	return -1;
3323	#endif
3324	}
3325	break;
3326	case 217:
3327	#line 1567 "../../ipsec-tools/src/racoon/cfparse.y"
3328	{
3329	cur_sainfo->pfs_group = yystack.l_mark[0].num;
3330	}
3331	break;
3332	case 219:
3333	#line 1572 "../../ipsec-tools/src/racoon/cfparse.y"
3334	{
3335	cur_sainfo->remoteid = yystack.l_mark[0].num;
3336	}
3337	break;
3338	case 221:
3339	#line 1577 "../../ipsec-tools/src/racoon/cfparse.y"
3340	{
3341	cur_sainfo->lifetime = yystack.l_mark[-1].num * yystack.l_mark[0].num;
3342	}
3343	break;
3344	case 223:
3345	#line 1582 "../../ipsec-tools/src/racoon/cfparse.y"
3346	{
3347	#if 1
3348	yyerror("byte lifetime support is deprecated");
3349	return -1;
3350	#else
3351	cur_sainfo->lifebyte = fix_lifebyte(yystack.l_mark[-1].num * yystack.l_mark[0].num);
3352	if (cur_sainfo->lifebyte == 0)
3353	return -1;
3354	#endif
3355	}
3356	break;
3357	case 225:
3358	#line 1593 "../../ipsec-tools/src/racoon/cfparse.y"
3359	{
3360	cur_algclass = yystack.l_mark[0].num;
3361	}
3362	break;
3363	case 227:
3364	#line 1601 "../../ipsec-tools/src/racoon/cfparse.y"
3365	{
3366	inssainfoalg(&cur_sainfo->algs[cur_algclass], yystack.l_mark[0].alg);
3367	}
3368	break;
3369	case 228:
3370	#line 1605 "../../ipsec-tools/src/racoon/cfparse.y"
3371	{
3372	inssainfoalg(&cur_sainfo->algs[cur_algclass], yystack.l_mark[0].alg);
3373	}
3374	break;
3375	case 230:
3376	#line 1612 "../../ipsec-tools/src/racoon/cfparse.y"
3377	{
3378	int defklen;
3379
3380	yyval.alg = newsainfoalg();
3381	if (yyval.alg == NULL) {
3382	yyerror("failed to get algorithm allocation");
3383	return -1;
3384	}
3385
3386	yyval.alg->alg = algtype2doi(cur_algclass, yystack.l_mark[-1].num);
3387	if (yyval.alg->alg == -1) {
3388	yyerror("algorithm mismatched");
3389	racoon_free(yyval.alg);
3390	yyval.alg = NULL;
3391	return -1;
3392	}
3393
3394	defklen = default_keylen(cur_algclass, yystack.l_mark[-1].num);
3395	if (defklen == 0) {
3396	if (yystack.l_mark[0].num) {
3397	yyerror("keylen not allowed");
3398	racoon_free(yyval.alg);
3399	yyval.alg = NULL;
3400	return -1;
3401	}
3402	} else {
3403	if (yystack.l_mark[0].num && check_keylen(cur_algclass, yystack.l_mark[-1].num, yystack.l_mark[0].num) < 0) {
3404	yyerror("invalid keylen %d", yystack.l_mark[0].num);
3405	racoon_free(yyval.alg);
3406	yyval.alg = NULL;
3407	return -1;
3408	}
3409	}
3410
3411	if (yystack.l_mark[0].num)
3412	yyval.alg->encklen = yystack.l_mark[0].num;
3413	else
3414	yyval.alg->encklen = defklen;
3415
3416	/* check if it's supported algorithm by kernel */
3417	if (!(cur_algclass == algclass_ipsec_auth && yystack.l_mark[-1].num == algtype_non_auth)
3418	&& pk_checkalg(cur_algclass, yystack.l_mark[-1].num, yyval.alg->encklen)) {
3419	int a = algclass2doi(cur_algclass);
3420	int b = algtype2doi(cur_algclass, yystack.l_mark[-1].num);
3421	if (a == IPSECDOI_ATTR_AUTH)
3422	a = IPSECDOI_PROTO_IPSEC_AH;
3423	yyerror("algorithm %s not supported by the kernel (missing module?)",
3424	s_ipsecdoi_trns(a, b));
3425	racoon_free(yyval.alg);
3426	yyval.alg = NULL;
3427	return -1;
3428	}
3429	}
3430	break;
3431	case 231:
3432	#line 1667 "../../ipsec-tools/src/racoon/cfparse.y"
3433	{ yyval.num = ~0; }
3434	break;
3435	case 232:
3436	#line 1668 "../../ipsec-tools/src/racoon/cfparse.y"
3437	{ yyval.num = yystack.l_mark[0].num; }
3438	break;
3439	case 233:
3440	#line 1671 "../../ipsec-tools/src/racoon/cfparse.y"
3441	{ yyval.num = IPSEC_PORT_ANY; }
3442	break;
3443	case 234:
3444	#line 1672 "../../ipsec-tools/src/racoon/cfparse.y"
3445	{ yyval.num = yystack.l_mark[0].num; }
3446	break;
3447	case 235:
3448	#line 1673 "../../ipsec-tools/src/racoon/cfparse.y"
3449	{ yyval.num = IPSEC_PORT_ANY; }
3450	break;
3451	case 236:
3452	#line 1676 "../../ipsec-tools/src/racoon/cfparse.y"
3453	{ yyval.num = yystack.l_mark[0].num; }
3454	break;
3455	case 237:
3456	#line 1677 "../../ipsec-tools/src/racoon/cfparse.y"
3457	{ yyval.num = yystack.l_mark[0].num; }
3458	break;
3459	case 238:
3460	#line 1678 "../../ipsec-tools/src/racoon/cfparse.y"
3461	{ yyval.num = IPSEC_ULPROTO_ANY; }
3462	break;
3463	case 239:
3464	#line 1681 "../../ipsec-tools/src/racoon/cfparse.y"
3465	{ yyval.num = 0; }
3466	break;
3467	case 240:
3468	#line 1682 "../../ipsec-tools/src/racoon/cfparse.y"
3469	{ yyval.num = yystack.l_mark[0].num; }
3470	break;
3471	case 241:
3472	#line 1688 "../../ipsec-tools/src/racoon/cfparse.y"
3473	{
3474	struct remoteconf from, new;
3475
3476	if (getrmconf_by_name(yystack.l_mark[-2].val->v) != NULL) {
3477	yyerror("named remoteconf \"%s\" already exists.");
3478	return -1;
3479	}
3480
3481	from = getrmconf_by_name(yystack.l_mark[0].val->v);
3482	if (from == NULL) {
3483	yyerror("named parent remoteconf \"%s\" does not exist.",
3484	yystack.l_mark[0].val->v);
3485	return -1;
3486	}
3487
3488	new = duprmconf_shallow(from);
3489	if (new == NULL) {
3490	yyerror("failed to duplicate remoteconf from \"%s\".",
3491	yystack.l_mark[0].val->v);
3492	return -1;
3493	}
3494
3495	new->name = racoon_strdup(yystack.l_mark[-2].val->v);
3496	cur_rmconf = new;
3497
3498	vfree(yystack.l_mark[-2].val);
3499	vfree(yystack.l_mark[0].val);
3500	}
3501	break;
3502	case 243:
3503	#line 1718 "../../ipsec-tools/src/racoon/cfparse.y"
3504	{
3505	struct remoteconf *new;
3506
3507	if (getrmconf_by_name(yystack.l_mark[0].val->v) != NULL) {
3508	yyerror("Named remoteconf \"%s\" already exists.");
3509	return -1;
3510	}
3511
3512	new = newrmconf();
3513	if (new == NULL) {
3514	yyerror("failed to get new remoteconf.");
3515	return -1;
3516	}
3517	new->name = racoon_strdup(yystack.l_mark[0].val->v);
3518	cur_rmconf = new;
3519
3520	vfree(yystack.l_mark[0].val);
3521	}
3522	break;
3523	case 245:
3524	#line 1738 "../../ipsec-tools/src/racoon/cfparse.y"
3525	{
3526	struct remoteconf from, new;
3527
3528	from = getrmconf(yystack.l_mark[0].saddr, GETRMCONF_F_NO_ANONYMOUS);
3529	if (from == NULL) {
3530	yyerror("failed to get remoteconf for %s.",
3531	saddr2str(yystack.l_mark[0].saddr));
3532	return -1;
3533	}
3534
3535	new = duprmconf_shallow(from);
3536	if (new == NULL) {
3537	yyerror("failed to duplicate remoteconf from %s.",
3538	saddr2str(yystack.l_mark[0].saddr));
3539	return -1;
3540	}
3541
3542	racoon_free(yystack.l_mark[0].saddr);
3543	new->remote = yystack.l_mark[-2].saddr;
3544	cur_rmconf = new;
3545	}
3546	break;
3547	case 247:
3548	#line 1761 "../../ipsec-tools/src/racoon/cfparse.y"
3549	{
3550	struct remoteconf *new;
3551
3552	new = newrmconf();
3553	if (new == NULL) {
3554	yyerror("failed to get new remoteconf.");
3555	return -1;
3556	}
3557
3558	new->remote = yystack.l_mark[0].saddr;
3559	cur_rmconf = new;
3560	}
3561	break;
3562	case 250:
3563	#line 1779 "../../ipsec-tools/src/racoon/cfparse.y"
3564	{
3565	if (process_rmconf() != 0)
3566	return -1;
3567	}
3568	break;
3569	case 251:
3570	#line 1787 "../../ipsec-tools/src/racoon/cfparse.y"
3571	{
3572	if (process_rmconf() != 0)
3573	return -1;
3574	}
3575	break;
3576	case 252:
3577	#line 1794 "../../ipsec-tools/src/racoon/cfparse.y"
3578	{
3579	yyval.saddr = newsaddr(sizeof(struct sockaddr));
3580	yyval.saddr->sa_family = AF_UNSPEC;
3581	((struct sockaddr_in *)yyval.saddr)->sin_port = htons(yystack.l_mark[0].num);
3582	}
3583	break;
3584	case 253:
3585	#line 1800 "../../ipsec-tools/src/racoon/cfparse.y"
3586	{
3587	yyval.saddr = yystack.l_mark[0].saddr;
3588	if (yyval.saddr == NULL) {
3589	yyerror("failed to allocate sockaddr");
3590	return -1;
3591	}
3592	}
3593	break;
3594	case 256:
3595	#line 1814 "../../ipsec-tools/src/racoon/cfparse.y"
3596	{
3597	if (cur_rmconf->remote != NULL) {
3598	yyerror("remote_address already specified");
3599	return -1;
3600	}
3601	cur_rmconf->remote = yystack.l_mark[0].saddr;
3602	}
3603	break;
3604	case 258:
3605	#line 1823 "../../ipsec-tools/src/racoon/cfparse.y"
3606	{
3607	cur_rmconf->etypes = NULL;
3608	}
3609	break;
3610	case 260:
3611	#line 1827 "../../ipsec-tools/src/racoon/cfparse.y"
3612	{ cur_rmconf->doitype = yystack.l_mark[0].num; }
3613	break;
3614	case 262:
3615	#line 1828 "../../ipsec-tools/src/racoon/cfparse.y"
3616	{ cur_rmconf->sittype = yystack.l_mark[0].num; }
3617	break;
3618	case 265:
3619	#line 1831 "../../ipsec-tools/src/racoon/cfparse.y"
3620	{
3621	yywarn("This directive without certtype will be removed!\n");
3622	yywarn("Please use 'peers_certfile x509 \"%s\";' instead\n", yystack.l_mark[0].val->v);
3623
3624	if (cur_rmconf->peerscert != NULL) {
3625	yyerror("peers_certfile already defined\n");
3626	return -1;
3627	}
3628
3629	if (load_x509(yystack.l_mark[0].val->v, &cur_rmconf->peerscertfile,
3630	&cur_rmconf->peerscert)) {
3631	yyerror("failed to load certificate \"%s\"\n",
3632	yystack.l_mark[0].val->v);
3633	return -1;
3634	}
3635
3636	vfree(yystack.l_mark[0].val);
3637	}
3638	break;
3639	case 267:
3640	#line 1851 "../../ipsec-tools/src/racoon/cfparse.y"
3641	{
3642	if (cur_rmconf->peerscert != NULL) {
3643	yyerror("peers_certfile already defined\n");
3644	return -1;
3645	}
3646
3647	if (load_x509(yystack.l_mark[0].val->v, &cur_rmconf->peerscertfile,
3648	&cur_rmconf->peerscert)) {
3649	yyerror("failed to load certificate \"%s\"\n",
3650	yystack.l_mark[0].val->v);
3651	return -1;
3652	}
3653
3654	vfree(yystack.l_mark[0].val);
3655	}
3656	break;
3657	case 269:
3658	#line 1868 "../../ipsec-tools/src/racoon/cfparse.y"
3659	{
3660	char path[MAXPATHLEN];
3661	int ret = 0;
3662
3663	if (cur_rmconf->peerscert != NULL) {
3664	yyerror("peers_certfile already defined\n");
3665	return -1;
3666	}
3667
3668	cur_rmconf->peerscert = vmalloc(1);
3669	if (cur_rmconf->peerscert == NULL) {
3670	yyerror("failed to allocate peerscert");
3671	return -1;
3672	}
3673	cur_rmconf->peerscert->v[0] = ISAKMP_CERT_PLAINRSA;
3674
3675	getpathname(path, sizeof(path),
3676	LC_PATHTYPE_CERT, yystack.l_mark[0].val->v);
3677	if (rsa_parse_file(cur_rmconf->rsa_public, path,
3678	RSA_TYPE_PUBLIC)) {
3679	yyerror("Couldn't parse keyfile.\n", path);
3680	return -1;
3681	}
3682	plog(LLV_DEBUG, LOCATION, NULL,
3683	"Public PlainRSA keyfile parsed: %s\n", path);
3684
3685	vfree(yystack.l_mark[0].val);
3686	}
3687	break;
3688	case 271:
3689	#line 1898 "../../ipsec-tools/src/racoon/cfparse.y"
3690	{
3691	if (cur_rmconf->peerscert != NULL) {
3692	yyerror("peers_certfile already defined\n");
3693	return -1;
3694	}
3695	cur_rmconf->peerscert = vmalloc(1);
3696	if (cur_rmconf->peerscert == NULL) {
3697	yyerror("failed to allocate peerscert");
3698	return -1;
3699	}
3700	cur_rmconf->peerscert->v[0] = ISAKMP_CERT_DNS;
3701	}
3702	break;
3703	case 273:
3704	#line 1912 "../../ipsec-tools/src/racoon/cfparse.y"
3705	{
3706	if (cur_rmconf->cacert != NULL) {
3707	yyerror("ca_type already defined\n");
3708	return -1;
3709	}
3710
3711	if (load_x509(yystack.l_mark[0].val->v, &cur_rmconf->cacertfile,
3712	&cur_rmconf->cacert)) {
3713	yyerror("failed to load certificate \"%s\"\n",
3714	yystack.l_mark[0].val->v);
3715	return -1;
3716	}
3717
3718	vfree(yystack.l_mark[0].val);
3719	}
3720	break;
3721	case 275:
3722	#line 1928 "../../ipsec-tools/src/racoon/cfparse.y"
3723	{ cur_rmconf->verify_cert = yystack.l_mark[0].num; }
3724	break;
3725	case 277:
3726	#line 1929 "../../ipsec-tools/src/racoon/cfparse.y"
3727	{ cur_rmconf->send_cert = yystack.l_mark[0].num; }
3728	break;
3729	case 279:
3730	#line 1930 "../../ipsec-tools/src/racoon/cfparse.y"
3731	{ cur_rmconf->send_cr = yystack.l_mark[0].num; }
3732	break;
3733	case 281:
3734	#line 1931 "../../ipsec-tools/src/racoon/cfparse.y"
3735	{ cur_rmconf->match_empty_cr = yystack.l_mark[0].num; }
3736	break;
3737	case 283:
3738	#line 1933 "../../ipsec-tools/src/racoon/cfparse.y"
3739	{
3740	if (set_identifier(&cur_rmconf->idv, yystack.l_mark[-1].num, yystack.l_mark[0].val) != 0) {
3741	yyerror("failed to set identifer.\n");
3742	return -1;
3743	}
3744	cur_rmconf->idvtype = yystack.l_mark[-1].num;
3745	}
3746	break;
3747	case 285:
3748	#line 1942 "../../ipsec-tools/src/racoon/cfparse.y"
3749	{
3750	if (set_identifier_qual(&cur_rmconf->idv, yystack.l_mark[-2].num, yystack.l_mark[0].val, yystack.l_mark[-1].num) != 0) {
3751	yyerror("failed to set identifer.\n");
3752	return -1;
3753	}
3754	cur_rmconf->idvtype = yystack.l_mark[-2].num;
3755	}
3756	break;
3757	case 287:
3758	#line 1951 "../../ipsec-tools/src/racoon/cfparse.y"
3759	{
3760	#ifdef ENABLE_HYBRID
3761	/* formerly identifier type login */
3762	if (xauth_rmconf_used(&cur_rmconf->xauth) == -1) {
3763	yyerror("failed to allocate xauth state\n");
3764	return -1;
3765	}
3766	if ((cur_rmconf->xauth->login = vdup(yystack.l_mark[0].val)) == NULL) {
3767	yyerror("failed to set identifer.\n");
3768	return -1;
3769	}
3770	#else
3771	yyerror("racoon not configured with --enable-hybrid");
3772	#endif
3773	}
3774	break;
3775	case 289:
3776	#line 1968 "../../ipsec-tools/src/racoon/cfparse.y"
3777	{
3778	struct idspec *id;
3779	id = newidspec();
3780	if (id == NULL) {
3781	yyerror("failed to allocate idspec");
3782	return -1;
3783	}
3784	if (set_identifier(&id->id, yystack.l_mark[-1].num, yystack.l_mark[0].val) != 0) {
3785	yyerror("failed to set identifer.\n");
3786	racoon_free(id);
3787	return -1;
3788	}
3789	id->idtype = yystack.l_mark[-1].num;
3790	genlist_append (cur_rmconf->idvl_p, id);
3791	}
3792	break;
3793	case 291:
3794	#line 1985 "../../ipsec-tools/src/racoon/cfparse.y"
3795	{
3796	struct idspec *id;
3797	id = newidspec();
3798	if (id == NULL) {
3799	yyerror("failed to allocate idspec");
3800	return -1;
3801	}
3802	if (set_identifier_qual(&id->id, yystack.l_mark[-2].num, yystack.l_mark[0].val, yystack.l_mark[-1].num) != 0) {
3803	yyerror("failed to set identifer.\n");
3804	racoon_free(id);
3805	return -1;
3806	}
3807	id->idtype = yystack.l_mark[-2].num;
3808	genlist_append (cur_rmconf->idvl_p, id);
3809	}
3810	break;
3811	case 293:
3812	#line 2001 "../../ipsec-tools/src/racoon/cfparse.y"
3813	{ cur_rmconf->verify_identifier = yystack.l_mark[0].num; }
3814	break;
3815	case 295:
3816	#line 2002 "../../ipsec-tools/src/racoon/cfparse.y"
3817	{ cur_rmconf->nonce_size = yystack.l_mark[0].num; }
3818	break;
3819	case 297:
3820	#line 2004 "../../ipsec-tools/src/racoon/cfparse.y"
3821	{
3822	yyerror("dh_group cannot be defined here.");
3823	return -1;
3824	}
3825	break;
3826	case 299:
3827	#line 2009 "../../ipsec-tools/src/racoon/cfparse.y"
3828	{ cur_rmconf->passive = yystack.l_mark[0].num; }
3829	break;
3830	case 301:
3831	#line 2010 "../../ipsec-tools/src/racoon/cfparse.y"
3832	{ cur_rmconf->ike_frag = yystack.l_mark[0].num; }
3833	break;
3834	case 303:
3835	#line 2011 "../../ipsec-tools/src/racoon/cfparse.y"
3836	{ cur_rmconf->ike_frag = ISAKMP_FRAG_FORCE; }
3837	break;
3838	case 305:
3839	#line 2012 "../../ipsec-tools/src/racoon/cfparse.y"
3840	{
3841	#ifdef SADB_X_EXT_NAT_T_FRAG
3842	if (libipsec_opt & LIBIPSEC_OPT_FRAG)
3843	cur_rmconf->esp_frag = yystack.l_mark[0].num;
3844	else
3845	yywarn("libipsec lacks IKE frag support");
3846	#else
3847	yywarn("Your kernel does not support esp_frag");
3848	#endif
3849	}
3850	break;
3851	case 307:
3852	#line 2022 "../../ipsec-tools/src/racoon/cfparse.y"
3853	{
3854	if (cur_rmconf->script[SCRIPT_PHASE1_UP] != NULL)
3855	vfree(cur_rmconf->script[SCRIPT_PHASE1_UP]);
3856
3857	cur_rmconf->script[SCRIPT_PHASE1_UP] =
3858	script_path_add(vdup(yystack.l_mark[-1].val));
3859	}
3860	break;
3861	case 309:
3862	#line 2029 "../../ipsec-tools/src/racoon/cfparse.y"
3863	{
3864	if (cur_rmconf->script[SCRIPT_PHASE1_DOWN] != NULL)
3865	vfree(cur_rmconf->script[SCRIPT_PHASE1_DOWN]);
3866
3867	cur_rmconf->script[SCRIPT_PHASE1_DOWN] =
3868	script_path_add(vdup(yystack.l_mark[-1].val));
3869	}
3870	break;
3871	case 311:
3872	#line 2036 "../../ipsec-tools/src/racoon/cfparse.y"
3873	{
3874	if (cur_rmconf->script[SCRIPT_PHASE1_DEAD] != NULL)
3875	vfree(cur_rmconf->script[SCRIPT_PHASE1_DEAD]);
3876
3877	cur_rmconf->script[SCRIPT_PHASE1_DEAD] =
3878	script_path_add(vdup(yystack.l_mark[-1].val));
3879	}
3880	break;
3881	case 313:
3882	#line 2043 "../../ipsec-tools/src/racoon/cfparse.y"
3883	{ cur_rmconf->mode_cfg = yystack.l_mark[0].num; }
3884	break;
3885	case 315:
3886	#line 2044 "../../ipsec-tools/src/racoon/cfparse.y"
3887	{
3888	cur_rmconf->weak_phase1_check = yystack.l_mark[0].num;
3889	}
3890	break;
3891	case 317:
3892	#line 2047 "../../ipsec-tools/src/racoon/cfparse.y"
3893	{ cur_rmconf->gen_policy = yystack.l_mark[0].num; }
3894	break;
3895	case 319:
3896	#line 2048 "../../ipsec-tools/src/racoon/cfparse.y"
3897	{ cur_rmconf->gen_policy = yystack.l_mark[0].num; }
3898	break;
3899	case 321:
3900	#line 2049 "../../ipsec-tools/src/racoon/cfparse.y"
3901	{ cur_rmconf->support_proxy = yystack.l_mark[0].num; }
3902	break;
3903	case 323:
3904	#line 2050 "../../ipsec-tools/src/racoon/cfparse.y"
3905	{ cur_rmconf->ini_contact = yystack.l_mark[0].num; }
3906	break;
3907	case 325:
3908	#line 2052 "../../ipsec-tools/src/racoon/cfparse.y"
3909	{
3910	#ifdef ENABLE_NATT
3911	if (libipsec_opt & LIBIPSEC_OPT_NATT)
3912	cur_rmconf->nat_traversal = yystack.l_mark[0].num;
3913	else
3914	yyerror("libipsec lacks NAT-T support");
3915	#else
3916	yyerror("NAT-T support not compiled in.");
3917	#endif
3918	}
3919	break;
3920	case 327:
3921	#line 2063 "../../ipsec-tools/src/racoon/cfparse.y"
3922	{
3923	#ifdef ENABLE_NATT
3924	if (libipsec_opt & LIBIPSEC_OPT_NATT)
3925	cur_rmconf->nat_traversal = NATT_FORCE;
3926	else
3927	yyerror("libipsec lacks NAT-T support");
3928	#else
3929	yyerror("NAT-T support not compiled in.");
3930	#endif
3931	}
3932	break;
3933	case 329:
3934	#line 2074 "../../ipsec-tools/src/racoon/cfparse.y"
3935	{
3936	#ifdef ENABLE_DPD
3937	cur_rmconf->dpd = yystack.l_mark[0].num;
3938	#else
3939	yyerror("DPD support not compiled in.");
3940	#endif
3941	}
3942	break;
3943	case 331:
3944	#line 2082 "../../ipsec-tools/src/racoon/cfparse.y"
3945	{
3946	#ifdef ENABLE_DPD
3947	cur_rmconf->dpd_interval = yystack.l_mark[0].num;
3948	#else
3949	yyerror("DPD support not compiled in.");
3950	#endif
3951	}
3952	break;
3953	case 333:
3954	#line 2091 "../../ipsec-tools/src/racoon/cfparse.y"
3955	{
3956	#ifdef ENABLE_DPD
3957	cur_rmconf->dpd_retry = yystack.l_mark[0].num;
3958	#else
3959	yyerror("DPD support not compiled in.");
3960	#endif
3961	}
3962	break;
3963	case 335:
3964	#line 2100 "../../ipsec-tools/src/racoon/cfparse.y"
3965	{
3966	#ifdef ENABLE_DPD
3967	cur_rmconf->dpd_maxfails = yystack.l_mark[0].num;
3968	#else
3969	yyerror("DPD support not compiled in.");
3970	#endif
3971	}
3972	break;
3973	case 337:
3974	#line 2108 "../../ipsec-tools/src/racoon/cfparse.y"
3975	{ cur_rmconf->rekey = yystack.l_mark[0].num; }
3976	break;
3977	case 339:
3978	#line 2109 "../../ipsec-tools/src/racoon/cfparse.y"
3979	{ cur_rmconf->rekey = REKEY_FORCE; }
3980	break;
3981	case 341:
3982	#line 2111 "../../ipsec-tools/src/racoon/cfparse.y"
3983	{
3984	cur_rmconf->ph1id = yystack.l_mark[0].num;
3985	}
3986	break;
3987	case 343:
3988	#line 2116 "../../ipsec-tools/src/racoon/cfparse.y"
3989	{
3990	cur_rmconf->lifetime = yystack.l_mark[-1].num * yystack.l_mark[0].num;
3991	}
3992	break;
3993	case 345:
3994	#line 2120 "../../ipsec-tools/src/racoon/cfparse.y"
3995	{ cur_rmconf->pcheck_level = yystack.l_mark[0].num; }
3996	break;
3997	case 347:
3998	#line 2122 "../../ipsec-tools/src/racoon/cfparse.y"
3999	{
4000	#if 1
4001	yyerror("byte lifetime support is deprecated in Phase1");
4002	return -1;
4003	#else
4004	yywarn("the lifetime of bytes in phase 1 "
4005	"will be ignored at the moment.");
4006	cur_rmconf->lifebyte = fix_lifebyte(yystack.l_mark[-1].num * yystack.l_mark[0].num);
4007	if (cur_rmconf->lifebyte == 0)
4008	return -1;
4009	#endif
4010	}
4011	break;
4012	case 349:
4013	#line 2136 "../../ipsec-tools/src/racoon/cfparse.y"
4014	{
4015	struct secprotospec *spspec;
4016
4017	spspec = newspspec();
4018	if (spspec == NULL)
4019	return -1;
4020	insspspec(cur_rmconf, spspec);
4021	}
4022	break;
4023	case 352:
4024	#line 2149 "../../ipsec-tools/src/racoon/cfparse.y"
4025	{
4026	struct etypes *new;
4027	new = racoon_malloc(sizeof(struct etypes));
4028	if (new == NULL) {
4029	yyerror("failed to allocate etypes");
4030	return -1;
4031	}
4032	new->type = yystack.l_mark[0].num;
4033	new->next = NULL;
4034	if (cur_rmconf->etypes == NULL)
4035	cur_rmconf->etypes = new;
4036	else {
4037	struct etypes *p;
4038	for (p = cur_rmconf->etypes;
4039	p->next != NULL;
4040	p = p->next)
4041	;
4042	p->next = new;
4043	}
4044	}
4045	break;
4046	case 353:
4047	#line 2172 "../../ipsec-tools/src/racoon/cfparse.y"
4048	{
4049	if (cur_rmconf->mycert != NULL) {
4050	yyerror("certificate_type already defined\n");
4051	return -1;
4052	}
4053
4054	if (load_x509(yystack.l_mark[-1].val->v, &cur_rmconf->mycertfile,
4055	&cur_rmconf->mycert)) {
4056	yyerror("failed to load certificate \"%s\"\n",
4057	yystack.l_mark[-1].val->v);
4058	return -1;
4059	}
4060
4061	cur_rmconf->myprivfile = racoon_strdup(yystack.l_mark[0].val->v);
4062	STRDUP_FATAL(cur_rmconf->myprivfile);
4063
4064	vfree(yystack.l_mark[-1].val);
4065	vfree(yystack.l_mark[0].val);
4066	}
4067	break;
4068	case 355:
4069	#line 2193 "../../ipsec-tools/src/racoon/cfparse.y"
4070	{
4071	char path[MAXPATHLEN];
4072	int ret = 0;
4073
4074	if (cur_rmconf->mycert != NULL) {
4075	yyerror("certificate_type already defined\n");
4076	return -1;
4077	}
4078
4079	cur_rmconf->mycert = vmalloc(1);
4080	if (cur_rmconf->mycert == NULL) {
4081	yyerror("failed to allocate mycert");
4082	return -1;
4083	}
4084	cur_rmconf->mycert->v[0] = ISAKMP_CERT_PLAINRSA;
4085
4086	getpathname(path, sizeof(path),
4087	LC_PATHTYPE_CERT, yystack.l_mark[0].val->v);
4088	cur_rmconf->send_cr = FALSE;
4089	cur_rmconf->send_cert = FALSE;
4090	cur_rmconf->verify_cert = FALSE;
4091	if (rsa_parse_file(cur_rmconf->rsa_private, path,
4092	RSA_TYPE_PRIVATE)) {
4093	yyerror("Couldn't parse keyfile.\n", path);
4094	return -1;
4095	}
4096	plog(LLV_DEBUG, LOCATION, NULL,
4097	"Private PlainRSA keyfile parsed: %s\n", path);
4098	vfree(yystack.l_mark[0].val);
4099	}
4100	break;
4101	case 357:
4102	#line 2227 "../../ipsec-tools/src/racoon/cfparse.y"
4103	{
4104	yyval.num = algtype2doi(algclass_isakmp_dh, yystack.l_mark[0].num);
4105	if (yyval.num == -1) {
4106	yyerror("must be DH group");
4107	return -1;
4108	}
4109	}
4110	break;
4111	case 358:
4112	#line 2235 "../../ipsec-tools/src/racoon/cfparse.y"
4113	{
4114	if (ARRAYLEN(num2dhgroup) > yystack.l_mark[0].num && num2dhgroup[yystack.l_mark[0].num] != 0) {
4115	yyval.num = num2dhgroup[yystack.l_mark[0].num];
4116	} else {
4117	yyerror("must be DH group");
4118	yyval.num = 0;
4119	return -1;
4120	}
4121	}
4122	break;
4123	case 359:
4124	#line 2246 "../../ipsec-tools/src/racoon/cfparse.y"
4125	{ yyval.val = NULL; }
4126	break;
4127	case 360:
4128	#line 2247 "../../ipsec-tools/src/racoon/cfparse.y"
4129	{ yyval.val = yystack.l_mark[0].val; }
4130	break;
4131	case 361:
4132	#line 2248 "../../ipsec-tools/src/racoon/cfparse.y"
4133	{ yyval.val = yystack.l_mark[0].val; }
4134	break;
4135	case 364:
4136	#line 2256 "../../ipsec-tools/src/racoon/cfparse.y"
4137	{
4138	cur_rmconf->spspec->lifetime = yystack.l_mark[-1].num * yystack.l_mark[0].num;
4139	}
4140	break;
4141	case 366:
4142	#line 2261 "../../ipsec-tools/src/racoon/cfparse.y"
4143	{
4144	#if 1
4145	yyerror("byte lifetime support is deprecated");
4146	return -1;
4147	#else
4148	cur_rmconf->spspec->lifebyte = fix_lifebyte(yystack.l_mark[-1].num * yystack.l_mark[0].num);
4149	if (cur_rmconf->spspec->lifebyte == 0)
4150	return -1;
4151	#endif
4152	}
4153	break;
4154	case 368:
4155	#line 2273 "../../ipsec-tools/src/racoon/cfparse.y"
4156	{
4157	cur_rmconf->spspec->algclass[algclass_isakmp_dh] = yystack.l_mark[0].num;
4158	}
4159	break;
4160	case 370:
4161	#line 2278 "../../ipsec-tools/src/racoon/cfparse.y"
4162	{
4163	if (cur_rmconf->spspec->vendorid != VENDORID_GSSAPI) {
4164	yyerror("wrong Vendor ID for gssapi_id");
4165	return -1;
4166	}
4167	if (cur_rmconf->spspec->gssid != NULL)
4168	racoon_free(cur_rmconf->spspec->gssid);
4169	cur_rmconf->spspec->gssid =
4170	racoon_strdup(yystack.l_mark[0].val->v);
4171	STRDUP_FATAL(cur_rmconf->spspec->gssid);
4172	}
4173	break;
4174	case 372:
4175	#line 2291 "../../ipsec-tools/src/racoon/cfparse.y"
4176	{
4177	int doi;
4178	int defklen;
4179
4180	doi = algtype2doi(yystack.l_mark[-2].num, yystack.l_mark[-1].num);
4181	if (doi == -1) {
4182	yyerror("algorithm mismatched 1");
4183	return -1;
4184	}
4185
4186	switch (yystack.l_mark[-2].num) {
4187	case algclass_isakmp_enc:
4188	/* reject suppressed algorithms */
4189	#ifndef HAVE_OPENSSL_RC5_H
4190	if (yystack.l_mark[-1].num == algtype_rc5) {
4191	yyerror("algorithm %s not supported",
4192	s_attr_isakmp_enc(doi));
4193	return -1;
4194	}
4195	#endif
4196	#ifndef HAVE_OPENSSL_IDEA_H
4197	if (yystack.l_mark[-1].num == algtype_idea) {
4198	yyerror("algorithm %s not supported",
4199	s_attr_isakmp_enc(doi));
4200	return -1;
4201	}
4202	#endif
4203
4204	cur_rmconf->spspec->algclass[algclass_isakmp_enc] = doi;
4205	defklen = default_keylen(yystack.l_mark[-2].num, yystack.l_mark[-1].num);
4206	if (defklen == 0) {
4207	if (yystack.l_mark[0].num) {
4208	yyerror("keylen not allowed");
4209	return -1;
4210	}
4211	} else {
4212	if (yystack.l_mark[0].num && check_keylen(yystack.l_mark[-2].num, yystack.l_mark[-1].num, yystack.l_mark[0].num) < 0) {
4213	yyerror("invalid keylen %d", yystack.l_mark[0].num);
4214	return -1;
4215	}
4216	}
4217	if (yystack.l_mark[0].num)
4218	cur_rmconf->spspec->encklen = yystack.l_mark[0].num;
4219	else
4220	cur_rmconf->spspec->encklen = defklen;
4221	break;
4222	case algclass_isakmp_hash:
4223	cur_rmconf->spspec->algclass[algclass_isakmp_hash] = doi;
4224	break;
4225	case algclass_isakmp_ameth:
4226	cur_rmconf->spspec->algclass[algclass_isakmp_ameth] = doi;
4227	/*
4228	* We may have to set the Vendor ID for the
4229	* authentication method we're using.
4230	*/
4231	switch (yystack.l_mark[-1].num) {
4232	case algtype_gssapikrb:
4233	if (cur_rmconf->spspec->vendorid !=
4234	VENDORID_UNKNOWN) {
4235	yyerror("Vendor ID mismatch "
4236	"for auth method");
4237	return -1;
4238	}
4239	/*
4240	* For interoperability with Win2k,
4241	* we set the Vendor ID to "GSSAPI".
4242	*/
4243	cur_rmconf->spspec->vendorid =
4244	VENDORID_GSSAPI;
4245	break;
4246	case algtype_rsasig:
4247	if (oakley_get_certtype(cur_rmconf->peerscert) == ISAKMP_CERT_PLAINRSA) {
4248	if (rsa_list_count(cur_rmconf->rsa_private) == 0) {
4249	yyerror ("Private PlainRSA key not set. "
4250	"Use directive 'certificate_type plainrsa ...'\n");
4251	return -1;
4252	}
4253	if (rsa_list_count(cur_rmconf->rsa_public) == 0) {
4254	yyerror ("Public PlainRSA keys not set. "
4255	"Use directive 'peers_certfile plainrsa ...'\n");
4256	return -1;
4257	}
4258	}
4259	break;
4260	default:
4261	break;
4262	}
4263	break;
4264	default:
4265	yyerror("algorithm mismatched 2");
4266	return -1;
4267	}
4268	}
4269	break;
4270	case 374:
4271	#line 2388 "../../ipsec-tools/src/racoon/cfparse.y"
4272	{ yyval.num = 1; }
4273	break;
4274	case 375:
4275	#line 2389 "../../ipsec-tools/src/racoon/cfparse.y"
4276	{ yyval.num = 60; }
4277	break;
4278	case 376:
4279	#line 2390 "../../ipsec-tools/src/racoon/cfparse.y"
4280	{ yyval.num = (60 * 60); }
4281	break;
4282	case 377:
4283	#line 2393 "../../ipsec-tools/src/racoon/cfparse.y"
4284	{ yyval.num = 1; }
4285	break;
4286	case 378:
4287	#line 2394 "../../ipsec-tools/src/racoon/cfparse.y"
4288	{ yyval.num = 1024; }
4289	break;
4290	case 379:
4291	#line 2395 "../../ipsec-tools/src/racoon/cfparse.y"
4292	{ yyval.num = (1024 * 1024); }
4293	break;
4294	case 380:
4295	#line 2396 "../../ipsec-tools/src/racoon/cfparse.y"
4296	{ yyval.num = (1024 * 1024 * 1024); }
4297	break;
4298	#line 4299 "racoonyy.tab.c"
4299	}
4300	yystack.s_mark -= yym;
4301	yystate = *yystack.s_mark;
4302	yystack.l_mark -= yym;
4303	yym = yylhs[yyn];
4304	if (yystate == 0 && yym == 0)
4305	{
4306	#if YYDEBUG
4307	if (yydebug)
4308	printf("%sdebug: after reduction, shifting from state 0 to\
4309	state %d\n", YYPREFIX, YYFINAL);
4310	#endif
4311	yystate = YYFINAL;
4312	*++yystack.s_mark = YYFINAL;
4313	*++yystack.l_mark = yyval;
4314	if (yychar < 0)
4315	{
4316	yychar = YYLEX;
4317	if (yychar < 0) yychar = YYEOF;
4318	#if YYDEBUG
4319	if (yydebug)
4320	{
4321	if ((yys = yyname[YYTRANSLATE(yychar)]) == NULL) yys = yyname[YYUNDFTOKEN];
4322	printf("%sdebug: state %d, reading %d (%s)\n",
4323	YYPREFIX, YYFINAL, yychar, yys);
4324	}
4325	#endif
4326	}
4327	if (yychar == YYEOF) goto yyaccept;
4328	goto yyloop;
4329	}
4330	if (((yyn = yygindex[yym]) != 0) && (yyn += yystate) >= 0 &&
4331	yyn <= YYTABLESIZE && yycheck[yyn] == (YYINT) yystate)
4332	yystate = yytable[yyn];
4333	else
4334	yystate = yydgoto[yym];
4335	#if YYDEBUG
4336	if (yydebug)
4337	printf("%sdebug: after reduction, shifting from state %d \
4338	to state %d\n", YYPREFIX, *yystack.s_mark, yystate);
4339	#endif
4340	if (yystack.s_mark >= yystack.s_last && yygrowstack(&yystack) == YYENOMEM) goto yyoverflow;
4341	*++yystack.s_mark = (YYINT) yystate;
4342	*++yystack.l_mark = yyval;
4343	goto yyloop;
4344
4345	yyoverflow:
4346	YYERROR_CALL("yacc stack overflow");
4347
4348	yyabort:
4349	yyfreestack(&yystack);
4350	return (1);
4351
4352	yyaccept:
4353	yyfreestack(&yystack);
4354	return (0);
4355	}

Note: See TracBrowser for help on using the repository browser.

Context Navigation

source: rtems-libbsd/ipsec-tools/src/racoon/cfparse.c @ b376ae1

Download in other formats: